Added note to SERVER_PORT to warn about spoofing

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@329894 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
Dejan Marjanovic 2013-03-22 22:13:35 +00:00
parent fa54c57911
commit 9e5fdbf8d0

View file

@ -392,6 +392,15 @@
using SSL, for instance, will change this to whatever your
defined secure HTTP port is.
</simpara>
<note>
<simpara>
Under the Apache 2, you must set <literal>UseCanonicalName = On</literal>,
as well as <literal>UseCanonicalPhysicalPort = On</literal> in order to
get the physical (real) port, otherwise, this value can be spoofed and it
may or may not return the physical port value.
It is not safe to rely on this value in security-dependent contexts.
</simpara>
</note>
</listitem>
</varlistentry>