PHP $_SERVER[‘HTTP_HOST’] vs. $_SERVER[‘SERVER_NAME’], am I understanding the man pages correctly?

That’s probably everyone’s first thought. But it’s a little bit more difficult. See Chris Shiflett’s article SERVER_NAME Versus HTTP_HOST.

It seems that there is no silver bullet. Only when you force Apache to use the canonical name you will always get the right server name with SERVER_NAME.

So you either go with that or you check the host name against a white list:

$allowed_hosts = array('foo.example.com', 'bar.example.com');
if (!isset($_SERVER['HTTP_HOST']) || !in_array($_SERVER['HTTP_HOST'], $allowed_hosts)) {
    header($_SERVER['SERVER_PROTOCOL'].' 400 Bad Request');
    exit;
}

Related Posts:

  1. How to run php files on my computer
  2. Whats the point of running Laravel with the command ‘php artisan serve’?
  3. Enable PHP Apache2
  4. Apache is downloading php files instead of displaying them
  5. PHP code is not being executed, but the code shows in the browser source code
  6. How to configure self hosted wordpress so that everything can be upgraded/installed from dashboard
  7. WordPress multisite causing Error 101 (net::ERR_CONNECTION_RESET): Unknown error [duplicate]
  8. Evaluations of two wordpress security plans against php code injection attack
  9. http://localhost:80 is not working on running Apache server through UniServer ZeroXIII
  10. How can I use an .htaccess file in Nginx?
  11. .htaccess redirect http to https
  12. How do I resolve a HTTP 414 “Request URI too long” error?
  13. 404 Not Found The requested URL was not found on this server
  14. Getting an error when I visit http://localhost
  15. What is the difference between Local Server and a Web Server?
  16. Chrome net::ERR_INCOMPLETE_CHUNKED_ENCODING error
  17. Localhost is not working
  18. Simplest two-way encryption using PHP
  19. Redirect vs RedirectMatch
  20. What is the difference between the ‘www’ folder and ‘htdocs’ folder?
  21. What is Options +FollowSymLinks?
  22. SVN Error E175002 while checking out code from repository
  23. Are PDO prepared statements sufficient to prevent SQL injection?
  24. XAMPP, Apache – Error: Apache shutdown unexpectedly
  25. SSL error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
  26. htaccess – Redirect to subfolder without changing browser URL
  27. How can I prevent SQL injection in PHP?
  28. client denied by server configuration
  29. What is HTTPD exactly?
  30. What does it mean to escape a string?
  31. XAMPP: Connecting to localhost fix? [Persistent]
  32. Request exceeded the limit of 10 internal redirects due to probable configuration error
  33. MAMP “Apache couldn’t be started because port is in use.” AND “Can’t connect to local MySQL server through /tmp/mysql.sock
  34. PHP and mod_fcgid: ap_pass_brigade failed in handle_request_ipc function
  35. How do you redirect HTTPS to HTTP?
  36. Adding a user on .htpasswd
  37. Only variable references should be returned by reference – Codeigniter
  38. Connection reset by peer: mod_fcgid: error reading data from FastCGI server
  39. a2enmod command not found in apache server using cpanel in linux vps
  40. How do I disable directory browsing?
  42. file_get_contents( ) not working
  43. Apache and Node.js on the Same Server
  44. XAMPP, using port:81, cannot run localhost:81/mywebsite
  45. How to view PHP on live site
  46. lbmethod_heartbeat:notice – No slotmem from mod_heartmonitor –error after installing apache2.4.2 [closed]
  47. Difference between Systemctl and service command
  48. “End of script output before headers” error in Apache
  49. “End of script output before headers” in Apache + PHP
  50. XAMPP installation on Win 8.1 with UAC Warning
  51. org.apache.jasper.JasperException
  52. Https to http redirect using htaccess
  53. How can I force users to access my page over HTTPS instead of HTTP?
  54. Site does not exist error for a2ensite
  55. Getting a 500 Internal Server Error on Laravel 5+ Ubuntu 14.04
  56. Using PHP 7 with WAMP
  57. How to remove index.php from WordPress site URL
  58. WAMP won’t turn green. And the VCRUNTIME140.dll error
  59. .htaccess: Invalid command ‘RewriteEngine’, perhaps misspelled or defined by a module not included in the server configuration
  60. Redirect old php link to wordpress link in .htaccess
  61. Redirect old php link to wordpress link in .htaccess
  62. WordPress broken app to try wpscan kali tool
  63. wordpress login wp-login.php change url
  64. Cant login to wp-admin (redirecting to homepage), But CAN login to wp-login.php
  65. Cant login to wp-admin (redirecting to homepage), But CAN login to wp-login.php
  66. esc_attr() right way and use
  67. Enforcing password complexity
  68. Does My Child-Theme Functions.php Need if{die} Security In It? [duplicate]
  69. cURL 28 error after switch from to brew php 7.2 on localhost
  70. How do I get the right permissions for WordPress running Apache on Debian
  71. How can I improve site/page performance of WordPress websites?
  72. How Attackers write script into my php files?
  73. How to run multiple Async HTTP requests in WordPress?
  74. WP CLI info showing correct PHP binary but wrong version of PHP
  75. Does the debug.log do log rotation?
  76. Correct Approach for Validating Custom Field Input
  77. Renaming wp-content folder dynamically
  78. How do I create a WP user outside of WordPress and auto login?
  79. Best practices for making a WordPress site “movable”?
  80. WordPress V2 REST-API: Endpoints 404?
  81. Security – Ajax and Nonce use [closed]
  82. Which ways can be used to log in to WordPress?
  83. Installing WordPress in a Sub-Folder (not in root) on Localhost
  84. Can I write ‘RewriteCond’ using ‘functions.php’?
  85. Is it unsafe to put php in the /wp-content/uploads directory?
  86. What’s the proper way to setup WP-CLI on Ubuntu so that I don’t have to use the flag –allow-root?
  87. Which Apache-modules must I enable?
  88. What are some good Apache settings to use with wordpress?
  89. How Restrict access to admin dashboard by specific static ip?
  90. Sanitize get_query_var() url parameters
  91. apache cpu over 70% on localhost
  92. Why Better WP security plugin returns 418 I’m a Teapot “error”?
  93. Is it possible to move wordpress out of webroot?
  94. login wp impossible
  95. wp-admin/index.php gives a “500 Internal Server Error [closed]
  96. When must I use and verify nonce?
  97. Memory errors with media upload, WordPress can’t use more than 96M (while there’s 512 available!)
  98. Escape when echoed
  99. Hiding WordPress Plugin Source Code
  100. Is this code malidcous

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)