From 9e5fdbf8d0e83369c06416a51b8d649e5ecf8a26 Mon Sep 17 00:00:00 2001 From: Dejan Marjanovic Date: Fri, 22 Mar 2013 22:13:35 +0000 Subject: [PATCH] Added note to SERVER_PORT to warn about spoofing git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@329894 c90b9560-bf6c-de11-be94-00142212c4b1 --- language/predefined/variables/server.xml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/language/predefined/variables/server.xml b/language/predefined/variables/server.xml index 9b09055db2..52939d6979 100644 --- a/language/predefined/variables/server.xml +++ b/language/predefined/variables/server.xml @@ -392,6 +392,15 @@ using SSL, for instance, will change this to whatever your defined secure HTTP port is. + + + Under the Apache 2, you must set UseCanonicalName = On, + as well as UseCanonicalPhysicalPort = On in order to + get the physical (real) port, otherwise, this value can be spoofed and it + may or may not return the physical port value. + It is not safe to rely on this value in security-dependent contexts. + +