[UPHPU] restricting access to assets on a public server

thebigdog bigdog at venticon.com
Sat Apr 9 17:08:31 MDT 2011

> Either. Is it possible for someone to spoof their IP address?

I am strictly speaking apache at this point. For me, I probably would not do
this as a php solution. You can do some research and see what is out there on
the vulnerabilities dealing with mod_authz_host and IP address spoofing.

I am not sure of your network infrastructure and setup, but if there is a big
issues getting the files from serverB, why don't you just syncing them up to
serverA and forget about the proxy/redirect for files that need
authentication/authorization to access. Leaving all other public files on
serverB. If the servers are on the same network there are other options
available to you as well.


More information about the UPHPU mailing list