I run a server with apache 1.3 and php 5.
Yesterday I notice that sometimes the HTTP_HOST server variable has a
comma separated list in it.
Let's say my domain name is: www.mydomain.com
Usually the HTTP_HOST value is of course "www.mydomain.com".
But sometimes it is: "www.mydomain.com, www.mydomain.com".
Is that supposed to be a correct behabior??
And if it is, what would be the meaning of such a list of hosts??
And If this is a correct behavior, then that means we cannot longer
trust the HTTP_HOST value to make a full absolute URL. Like when you
do:
"http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ;
Regards, and thanks by your replies. 7  2973 
On Thu, 06 Mar 2008 19:54:44 +0100, Hermann <He*************@gmail.com>
wrote:
I run a server with apache 1.3 and php 5.
Yesterday I notice that sometimes the HTTP_HOST server variable has a
comma separated list in it.
Let's say my domain name is: www.mydomain.com
Usually the HTTP_HOST value is of course "www.mydomain.com".
But sometimes it is: "www.mydomain.com, www.mydomain.com".
Is that supposed to be a correct behabior??
And if it is, what would be the meaning of such a list of hosts??
And If this is a correct behavior, then that means we cannot longer
trust the HTTP_HOST value to make a full absolute URL. Like when you
do:
"http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ;
HTTP_HOST has the (user supplied) Host: header.
As I've never had any site that wasn't a virtual host, I normally use
$_SERVER['SERVER_NAME'] when I need it (which is only on header redirects,
for the remainder of the links I leave the whole protocol & domain portion
out of it).
--
Rik Wasmus
..oO(Hermann)
>I run a server with apache 1.3 and php 5.
Yesterday I notice that sometimes the HTTP_HOST server variable has a
comma separated list in it.
Let's say my domain name is: www.mydomain.com
Next time please use example.com or .org for giving example URLs. They
are explicitly reserved for that purpose and not in use for anything
else.
>Usually the HTTP_HOST value is of course "www.mydomain.com".
But sometimes it is: "www.mydomain.com, www.mydomain.com".
Is that supposed to be a correct behabior??
No, it's not a valid hostname. If this was really sent by the client,
then IMHO the server should reject the request with "400 Bad Request".
Micha
On Mar 6, 9:32*pm, Michael Fesser <neti...@gmx.dewrote:
.oO(Hermann)
Next time please use example.com or .org for giving example URLs. They
are explicitly reserved for that purpose and not in use for anything
else.
Thanks by the advice.
No, it's not a valid hostname. If this was really sent by the client,
then IMHO the server should reject the request with "400 Bad Request".
That's what I thought. What worries me is the fact that Apache
actually found a match between the CSV string and one of the virtual
hosts I have, otherwise my PHP script wouldn't have been executed in
the first place.
I'm gonna log the entire request header next time this happens and
post it here.
Thanks by your replies.
On Mar 8, 3:11*pm, Michael Fesser <neti...@gmx.dewrote:
Hmm, my local server responds with a redirect, containing the malformed
host name. After sending something like above I get:
HTTP/1.1 302 Found
Date: Sat, 08 Mar 2008 18:03:58 GMT
Server: Apache/2.2.3 (Debian) mod_jk/1.2.18
Location:http://www.example.com,www.example.com/apache2-default/
Oh.
This sounds like a bug. I wonder if it was reported already.
Hermann wrote:
On Mar 8, 3:11 pm, Michael Fesser <neti...@gmx.dewrote:
>Hmm, my local server responds with a redirect, containing the malformed
host name. After sending something like above I get:
HTTP/1.1 302 Found
Date: Sat, 08 Mar 2008 18:03:58 GMT
Server: Apache/2.2.3 (Debian) mod_jk/1.2.18
Location:http://www.example.com,www.example.com/apache2-default/
Oh.
This sounds like a bug. I wonder if it was reported already.
Or, more likely, a bad configuration.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Sat, 08 Mar 2008 21:38:30 +0100, Hermann <He*************@gmail.com>
wrote:
On Mar 8, 3:11*pm, Michael Fesser <neti...@gmx.dewrote:
>Hmm, my local server responds with a redirect, containing the malformed
host name. After sending something like above I get:
HTTP/1.1 302 Found
Date: Sat, 08 Mar 2008 18:03:58 GMT
Server: Apache/2.2.3 (Debian) mod_jk/1.2.18
Location:http://www.example.com,www.example.com/apache2-default/
Oh.
This sounds like a bug. I wonder if it was reported already.
Well, not a PHP one. PHP explicitly states it just copies the Host: header
from the request (if there even is one). Wether or not there's garbage in
there doesn't matter to PHP, and shouldn't to you. Apache might use
it/have something to say about it/break with a certain configuration, but
that would be OT here, and of zero importants to your PHP scripts.
I say to you again: SERVER_NAME (which is NOT user supplied).
--
Rik Wasmus
Greetings, Rik Wasmus.
In reply to Your message dated Monday, March 10, 2008, 11:59:38,
>>Hmm, my local server responds with a redirect, containing the malformed
host name. After sending something like above I get:
HTTP/1.1 302 Found
Date: Sat, 08 Mar 2008 18:03:58 GMT
Server: Apache/2.2.3 (Debian) mod_jk/1.2.18
Location:http://www.example.com,www.example.com/apache2-default/
Oh.
This sounds like a bug. I wonder if it was reported already.
Well, not a PHP one. PHP explicitly states it just copies the Host: header
from the request (if there even is one). Wether or not there's garbage in
there doesn't matter to PHP, and shouldn't to you. Apache might use
it/have something to say about it/break with a certain configuration, but
that would be OT here, and of zero importants to your PHP scripts.
I say to you again: SERVER_NAME (which is NOT user supplied).
+ SERVER_PORT is that isn't 80.
--
Sincerely Yours, AnrDaemon <an*******@freemail.ru> This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: david |
last post by:
Hello,
i have html form for the user to input some french text. The text go in a mysql
database
* before: (mozilla-1.5)
All my pages were designed to show themselves with the iso-8859-15...
|
by: Craig Keightley |
last post by:
is it possible to compare acomma separated list aginst another
eg comma list 1 => 1,2,3,4,5
comma list 2 => 3,5
can you check that 3 is in both, and 5 is in both, therfore they match???
the...
|
by: Craig Keightley |
last post by:
I can do the match perfectly but what i also need to do is create a third
list of comma separated values that are in both
eg:
List 1 => 1,2,3,4,5,6,7,8,11
List 2 => 1,3,4,5,6,7,10,23
...
|
by: Not Me |
last post by:
Hi,
I'm sure this is a common problem.. to create a single field from a
whole column, where each row would be separated by a comma.
I can do this for a specified table, and column.. and I've...
|
by: Pmb |
last post by:
I'm trying to learn the syntax for initializing objects in a comma separated
list. Below is an example program I wrote to learn how to do this (among
other things). While I understand how to...
|
by: Craig Keightley |
last post by:
I have a mysql database with a list of companies who supply specific
products
tblSuppliers (simplified)
sID | sName | goodsRefs
1 | comp name | 1,2,3,4,5
2 | company 2 | 2,4
|
by: Bob |
last post by:
I think this is very simple but I am having difficult doing it. Basically
take a comma separated list:
abc, def, ghi, jk
A list with only one token does not have any commas:
abc
The first...
|
by: starman7 |
last post by:
I'm attempting a query that gathers product data for a particular
product id.
One of the items is designer(s) which can be more than one.
The product table has comma separated id's of the...
|
by: mac |
last post by:
Hi,
I'm trying to write a fibonacci recursive function that will return
the fibonacci string separated by comma. The problem sounds like this:
-------------
Write a recursive function that...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |
