| Re: When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? [message #179859 is a reply to message #179858] |
Wed, 12 December 2012 18:50   |
Daniel Pitts
Messages: 68
Registered: May 2012
Karma:
|
Member |
|
|
On 12/12/12 9:22 AM, Tony Marston wrote:
> "Scott Johnson" wrote in message news:kaa0on$qjt$1(at)dont-email(dot)me...
>>
>> On 12/11/2012 11:25 PM, Tony Marston wrote:
>>
>>>> You may try phpinfo() to get the full list of data/variables set by
>>>> your server. Some here may ask for that info to help you further.
>>>
>>> The output from phpinfo() looks perfectly normal and correct. It shows
>>> the expected values for SERVER_NAME and HTTP_HOST.
>>>
>>
>> If you are getting the right value in SERVER_NAME and HTTP_HOST using
>> phpinfo() but are then getting a different value when you use the same
>> variable in your script, then you have an error in your script.
>
> These is no error in the script as it runs perfectly for thousands of
> requests, but occasionally it fails because $_SERVER['SERVER_NAME'] and
> $_SERVER['HOST_NAME'] contain values which are different from those
> which I expect and which are reported by phpinfo(). It appears that is
> *IS* possible for the client to spoof these values, as reported in
> http://shiflett.org/blog/2006/mar/server-name-versus-http-host
>
The way that HTTP works, is that the client connects to the IP address,
and then sends the host name it was trying to connect to as part of the
headers. eg. Host: www.example.com. This allows for many virtual hosts
on a single IP/Port.
What could happen is that someone's DNS is pointing to your IP, and so
you receive a request that was meant for a different URL.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]