> From: Marcin 'Rambo' Roguski [mailto:rambo@xxxxxxxxxxxx] > > >> Instead of display a dummy url : > >> http://s1.ncs.com/inventoryappl > > > spoofing DNS, I'm not at all sure what he was talking about > > From my understanding the question was if one can hide real url and > display a fake one at users client (i.e. browser). Marcin, I'm also curious about your statement about security hole when spoofing a domain name via mod-rewrite. Isn't mod-rewrite *all* about spoofing URL's (which can include domain name part)? OK, it is used to remap URL trees for moving / restructuring a website (which is not spoofing) but it is also used to allow for more user-friendly URL's that are then mapped to various servers, web apps etc, which *is* a kind of spoofing. Similarly, manipulate domain name given by client to infer real URL to use in backend (also kind of spoofing). Oliver --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|