[UPHPU] restricting access to assets on a public server

thebigdog bigdog at venticon.com
Sat Apr 9 17:08:31 MDT 2011


> Either. Is it possible for someone to spoof their IP address?

I am strictly speaking apache at this point. For me, I probably would not do
this as a php solution. You can do some research and see what is out there on
the vulnerabilities dealing with mod_authz_host and IP address spoofing.

I am not sure of your network infrastructure and setup, but if there is a big
issues getting the files from serverB, why don't you just syncing them up to
serverA and forget about the proxy/redirect for files that need
authentication/authorization to access. Leaving all other public files on
serverB. If the servers are on the same network there are other options
available to you as well.

-- 
thebigdog


More information about the UPHPU mailing list