authorScott Ullrich <sullrich@pfsense.org>2010-07-01 17:32:36 -0400
committerScott Ullrich <sullrich@pfsense.org>2010-07-01 17:32:36 -0400
commit8bc95b43baf4bb2e77c7e88043a036945f6fcaa0 (patch)
tree66cf23198716d92ccdb3d2af6a51b88dd8d478ab
parent73a1b391182316eee630e53ba83f9f3b3b9672c2 (diff)
downloadpfsense-8bc95b43baf4bb2e77c7e88043a036945f6fcaa0.zip
pfsense-8bc95b43baf4bb2e77c7e88043a036945f6fcaa0.tar.gz
DNS Rebinding support from 2.0
-rw-r--r--etc/inc/auth.inc8
1 files changed, 8 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 4c02aad..c00befa 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -33,6 +33,14 @@ require_once("globals.inc");
/* We only support file backed HTTP Basic auth right now */
$auth_method="htpasswd_backed_basic_auth";
+/* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */
+if ($_SERVER['HTTP_HOST'] != $config['system']['hostname'] . "." . $config['system']['domain'] and
+ $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] and
+ $_SERVER['HTTP_HOST'] != $config['system']['hostname']) {
+ echo "DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding";
+ exit;
+}
+
/* Authenticate user - exit if failed (we should have a callback for this maybe) */
if (!$auth_method())
exit;
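Review bot: The new Host allow-list check compares `$_SERVER['HTTP_HOST']` byte-for-byte with `!=` against the configured hostname, FQDN and `SERVER_ADDR`, so a legitimate request is rejected whenever the Host header carries a port suffix (`hostname:8443`, i.e. any GUI on a non-default port) or differs only in letter case from `$config['system']['hostname']`. Normalising the header once (strip the trailing `:port`, lower-case) and comparing with a strict `in_array` keeps the rebinding protection without the false positives; the rewritten check is below. A request with no Host header at all is also treated as an attack by the new code — that is probably intended, but a one-line comment saying so would help the next reader. The behaviour for bracketed IPv6 Host literals versus an unbracketed `SERVER_ADDR` is not covered by either version and may need a follow-up.
```php
/* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */
/* Host header may carry ":port" and is case-insensitive; normalise before the allow-list compare.
   A missing Host header (HTTP/1.0 clients) is deliberately rejected. */
$request_host = isset($_SERVER['HTTP_HOST'])
    ? strtolower(preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']))
    : '';
$allowed_hosts = array(
    strtolower($config['system']['hostname'] . "." . $config['system']['domain']),
    strtolower($config['system']['hostname']),
    $_SERVER['SERVER_ADDR'],
);
if (!in_array($request_host, $allowed_hosts, true)) {
    echo "DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding";
    exit;
}
// … unchanged: authentication call that follows …
```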