I’ve seen some requests to boxesandarrows.com with HTTP_X_FORWARDED_HOST=myweb2.search.yahoo.com. They go to the right virtual server just fine, but Rails, and most other web app frameworks that I’ve seen, have decided that when HTTP_X_FORWARDED_HOST is present, it trumps HTTP_HOST.

I haven’t been able to find a good resource to tell me how it’s intended to be used, so I can determine whether Yahoo is mistaken, and what the best way to handle it is. It would seem to be used with proxies, but that’s about all I dare guess.

It seems to happen when people save a search for a B&A story to their My Web 2.0 Search, in which case Yahoo sends this weird request from a proxy server of theirs, proxy2.search.scd.yahoo.net.

Can anyone help clarify?