Dave Taht <dave.taht@gmail.com> writes:

> shows vulnerable for bash, not sh, on openwrt and cerowrt. That said,
> it makes me nervous. I've never really liked the redir.sh method cero
> uses to bounce people to the right web interface... suggestions to do
> it in javascript or something safer desired.

Doesn't the value of $SERVER_NAME come from the (static) lighttpd
configuration? In that case, redir.sh can be replaced with a static HTML
page.

If not, it's probably doable in the lighttpd configuration if a suitable
redirect/rewrite module is available. I forget the syntax, though,
haven't used lighttpd in ages; I'm sure Google knows, though.

-Toke