authorRenato Botelho <renato.botelho@bluepex.com>2010-07-07 08:28:38 -0300
committerRenato Botelho <renato.botelho@bluepex.com>2010-07-07 08:28:38 -0300
commit0143ee301bdf62aa5c6efd3793e8845600ea2d8f (patch)
treee3b78ececfe9a7e31d2bd63f4e0abe478046952f
parent0e919325c010eeaa37d70f6ebe0f83169f20ac58 (diff)
parent29721fe6a60c1f772c601b1f43e54518e58b97f0 (diff)
downloadpfsense-0143ee301bdf62aa5c6efd3793e8845600ea2d8f.zip
pfsense-0143ee301bdf62aa5c6efd3793e8845600ea2d8f.tar.gz
Merge remote branch 'mainline/master' into 1_diag
-rw-r--r--etc/inc/auth.inc55
-rw-r--r--etc/inc/filter.inc25
-rw-r--r--etc/inc/interfaces.inc18
-rw-r--r--etc/inc/services.inc16
-rw-r--r--etc/inc/util.inc3
-rw-r--r--etc/shells1
-rw-r--r--etc/skel/dot.tcshrc (renamed from usr/share/skel/dot.tcshrc)0
-rwxr-xr-xusr/local/www/firewall_aliases_edit.php2
-rwxr-xr-xusr/local/www/firewall_nat_1to1_edit.php43
-rwxr-xr-xusr/local/www/firewall_nat_edit.php24
-rwxr-xr-xusr/local/www/firewall_nat_out_edit.php27
-rwxr-xr-xusr/local/www/interfaces.php3
-rw-r--r--usr/local/www/system_advanced_admin.php42
13 files changed, 224 insertions, 35 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 0af0594..d0b261a 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -49,6 +49,57 @@
require_once("config.gui.inc");
+/* If this function doesn't exist, we're being called from Captive Portal or
+ another internal subsystem which does not include authgui.inc */
+if (function_exists("display_error_form") && !isset($config['system']['webgui']['nodnsrebindcheck'])) {
+ /* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */
+ $found_host = false;
+ if(strstr($_SERVER['HTTP_HOST'], ":")) {
+ $http_host_port = explode(":", $_SERVER['HTTP_HOST']);
+ $http_host = $http_host_port[0];
+ } else {
+ $http_host = $_SERVER['HTTP_HOST'];
+ }
+ if(($http_host == "localhost" or $_SERVER['SERVER_ADDR'] == "localhost") or
+ ($http_host == "127.0.0.1" or $_SERVER['SERVER_ADDR'] == "127.0.0.1"))
+ $found_host = true;
+ if($config['dyndnses']['dyndns'])
+ foreach($config['dyndnses']['dyndns'] as $dyndns)
+ if($dyndns['host'] == $http_host or $dyndns['host'] == $_SERVER['SERVER_ADDR'])
+ $found_host = true;
+
+ if(!empty($config['system']['webgui']['althostnames'])) {
+ $althosts = explode(" ", $config['system']['webgui']['althostnames']);
+ foreach ($althosts as $ah)
+ if($ah == $http_host or $ah == $_SERVER['SERVER_ADDR'])
+ $found_host = true;
+ }
+
+ if($http_host == $config['system']['hostname'] . "." . $config['system']['domain'] or
+ $http_host == $_SERVER['SERVER_ADDR'] or
+ $http_host == $config['system']['hostname'])
+ $found_host = true;
+
+ /* Check against locally configured IP addresses, which will catch when someone
+ port forwards WebGUI access from WAN to an internal IP on the router. */
+ if ($found_host == false) {
+ global $FilterIflist;
+ if (empty($FilterIflist)) {
+ require_once('filter.inc');
+ require_once('shaper.inc');
+ filter_generate_optcfg_array();
+ }
+ foreach ($FilterIflist as $iflist)
+ if($iflist['ip'] == $http_host)
+ $found_host = true;
+ }
+
+ if($found_host == false) {
+ display_error_form("501", "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding");
+ exit;
+ }
+}
+
$groupindex = index_groups();
$userindex = index_users();
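Review bot: The `$_SERVER['SERVER_ADDR']` operands in the allow-list never look at the client's Host header, so they weaken the check they sit in. On the localhost line any request that arrives on 127.0.0.1 (for example through a local port forward) is accepted whatever name the browser sent, and in the dyndns and althostnames loops a configured entry equal to the listening address accepts every Host on that address. The decision should depend only on `$http_host`, e.g. `if($http_host == "localhost" or $http_host == "127.0.0.1")` and `if($dyndns['host'] == $http_host)`. The comparisons are also loose `==` against values that may be unset, so a request with no Host header would compare equal to any `$FilterIflist` entry that lacks an `ip`; `===` plus an early reject when `$http_host` is empty would close that. Separately, the `explode(":")` split truncates a bracketed IPv6 literal, which then can never match.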
@@ -278,7 +329,7 @@ function local_user_set(& $user) {
/* determine add or mod */
if (!strncmp($pwread, "pw:", 3)) {
- $user_op = "useradd -m -k /usr/share/skel -o";
+ $user_op = "useradd -m -k /etc/skel -o";
} else {
$user_op = "usermod";
}
@@ -1181,4 +1232,4 @@ function session_auth() {
return true;
}
-?>
+?> \ No newline at end of file
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index fe7c047..adcb8d5 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1085,7 +1085,8 @@ function filter_nat_rules_generate() {
if($natif) {
/* If reflection is enabled, turn on extra redirections
* for this rule by adding other interfaces to binat rule. */
- if(isset($config['system']['enablebinatreflection'])) {
+ if((isset($config['system']['enablebinatreflection']) || $natent['natreflection'] == "enable")
+ && $natent['natreflection'] != "disable") {
$nat_if_list = filter_get_reflection_interfaces($natif);
} else {
$nat_if_list = array();
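Review bot: The per-rule override in the new condition has a precedence that is not written down anywhere: a rule's `natreflection` of `disable` always wins, `enable` overrides the system setting, and anything else falls back to it. The same expression is repeated for port forwards at `@@ -1360` and for the pass rule at `@@ -2126`, so a short comment such as `/* per-rule natreflection: "disable" always wins, "enable" overrides the system default */` above each, or one small helper taking the system default as a boolean, would keep the three in step. `$natent['natreflection']` is also read without `isset()`, which raises a notice for rules saved before this field existed. filter_nat_rules_generate() continues outside this hunk.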
@@ -1281,10 +1282,8 @@ function filter_nat_rules_generate() {
fwrite($inetd_fd, "tftp-proxy\tdgram\tudp\twait\t\troot\t/usr/libexec/tftp-proxy\ttftp-proxy -v\n");
if(isset($config['nat']['rule'])) {
- if(!isset($config['system']['disablenatreflection'])) {
- /* start redirects on port 19000 of localhost */
- $starting_localhost_port = 19000;
- }
+ /* start reflection redirects on port 19000 of localhost */
+ $starting_localhost_port = 19000;
$natrules .= "# NAT Inbound Redirects\n";
foreach ($config['nat']['rule'] as $rule) {
update_filter_reload_status("Creating NAT rule {$rule['descr']}");
@@ -1360,7 +1359,8 @@ function filter_nat_rules_generate() {
} else
$nordr = "";
- if(!isset($config['system']['disablenatreflection'])) {
+ if((!isset($config['system']['disablenatreflection']) || $rule['natreflection'] == "enable")
+ && $rule['natreflection'] != "disable") {
$nat_if_list = filter_get_reflection_interfaces($natif);
} else {
$nat_if_list = array();
@@ -2126,13 +2126,18 @@ EOD;
}
}
- $ipfrules .= "# NAT Reflection rules\n";
- if(isset($config['nat']['rule']) &&
- (!isset($config['system']['disablenatreflection']))) {
- $ipfrules .= <<<EOD
+ if(isset($config['nat']['rule']) && is_array($config['nat']['rule'])) {
+ foreach ($config['nat']['rule'] as $rule) {
+ if((!isset($config['system']['disablenatreflection']) || $rule['natreflection'] == "enable")
+ && $rule['natreflection'] != "disable") {
+ $ipfrules .= "# NAT Reflection rules\n";
+ $ipfrules .= <<<EOD
pass in inet tagged PFREFLECT keep state label "NAT REFLECT: Allow traffic to localhost"
EOD;
+ break;
+ }
+ }
}
if(isset($config['filter']['rule'])) {
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 004f2b3..dc4cbdf 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -2127,21 +2127,17 @@ EOD;
unset($output);
$reg_changing = false;
- if ($wlcfg['regdomain'] && !preg_match("/\sregdomain\s+{$wlcfg['regdomain']}\s/si", $ifconfig_str))
+ /* special case for the debug country code */
+ if ($wlcfg['regcountry'] == 'DEBUG' && !preg_match("/\sregdomain\s+DEBUG\s/si", $ifconfig_str))
+ $reg_changing = true;
+ else if ($wlcfg['regdomain'] && !preg_match("/\sregdomain\s+{$wlcfg['regdomain']}\s/si", $ifconfig_str))
$reg_changing = true;
else if ($wlcfg['regcountry'] && !preg_match("/\scountry\s+{$wlcfg['regcountry']}\s/si", $ifconfig_str))
$reg_changing = true;
- /* anywhere needs a special case, since it is not included in the ifconfig output.
- * Do not combine this if with the one inside. */
- else if ($wlcfg['reglocation'] == 'anywhere') {
- if (preg_match("/\s(indoor|outdoor)\s/si", $ifconfig_str))
- $reg_changing = true;
- } else if ($wlcfg['reglocation'] && !preg_match("/\s{$wlcfg['reglocation']}\s/si", $ifconfig_str))
+ else if ($wlcfg['reglocation'] == 'anywhere' && preg_match("/\s(indoor|outdoor)\s/si", $ifconfig_str))
+ $reg_changing = true;
+ else if ($wlcfg['reglocation'] && $wlcfg['reglocation'] != 'anywhere' && !preg_match("/\s{$wlcfg['reglocation']}\s/si", $ifconfig_str))
$reg_changing = true;
-
- /* special case for the debug country code */
- if ($wlcfg['regcountry'] == 'DEBUG' && preg_match("/\sregdomain\s+DEBUG\s/si", $ifconfig_str))
- $reg_changing = false;
if ($reg_changing) {
/* set regulatory domain */
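Review bot: Moving the DEBUG special case to the head of the `else if` chain changes what happens once the card already reports `regdomain DEBUG`: the first test is then false and evaluation falls through to the `regcountry` test on the unchanged line, which the removed override used to cancel. If ifconfig does not print `country DEBUG` (the removed block suggests it does not), `$reg_changing` ends up true on every run and the regulatory domain is reset each time. Making the DEBUG branch exclusive keeps the old result: `if ($wlcfg['regcountry'] == 'DEBUG') $reg_changing = !preg_match("/\sregdomain\s+DEBUG\s/si", $ifconfig_str);` with the remaining tests as its `else if`. The `$wlcfg[...]` values interpolated into the other patterns would also be safer wrapped in `preg_quote()`.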
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 4f2f167..af0d0c2 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -603,21 +603,23 @@ function services_dnsmasq_configure() {
if (isset($config['dnsmasq']['regdhcp'])) {
$args .= " --dhcp-hostsfile={$g['varetc_path']}/hosts ";
}
-
+
+ /* Setup forwarded domains */
if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
foreach($config['dnsmasq']['domainoverrides'] as $override) {
$args .= ' --server=/' . $override['domain'] . '/' . $override['ip'];
}
}
- /* suppose that dnsmasq handles our domain and don't send
- requests for our local domain to upstream servers */
- //if (!empty($config['system']['domain'])) {
- // $args .= sprintf(' --local=/%s/', $config['system']['domain']);
- //}
+ /* Allow DNS Rebind for forwarded domains */
+ if (isset($config['dnsmasq']['domainoverrides']) && is_array($config['dnsmasq']['domainoverrides'])) {
+ foreach($config['dnsmasq']['domainoverrides'] as $override) {
+ $args .= ' --rebind-domain-ok=/' . $override['domain'] . '/ ';
+ }
+ }
/* run dnsmasq */
- mwexec("/usr/local/sbin/dnsmasq --local-ttl 1 --all-servers --dns-forward-max=5000 --cache-size=10000 {$args}");
+ mwexec("/usr/local/sbin/dnsmasq --rebind-localhost-ok --stop-dns-rebind --local-ttl 1 --all-servers --dns-forward-max=5000 --cache-size=10000 {$args}");
if ($g['booting'])
echo "done.\n";
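Review bot: The new `--rebind-domain-ok` argument concatenates `$override['domain']` into the command string passed to `mwexec()` with no shell quoting. Unless the value is strictly validated where the override is saved (not visible here), a space or shell metacharacter in it changes the dnsmasq command line. Quote it at the point of use with `$args .= ' --rebind-domain-ok=' . escapeshellarg('/' . $override['domain'] . '/');`, and do the same for the existing `--server=` line. The second loop walks the same array as the one just above and could be folded into it. Operators should also know that `--stop-dns-rebind` discards upstream answers in private ranges, so internal zones served by an upstream resolver need a domain override to keep resolving.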
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 9d5872e..da1b496 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -1104,7 +1104,8 @@ function get_memory() {
if(!$real && !$avail) {
$real = trim(`sysctl hw.physmem | cut -d' ' -f2`);
$avail = trim(`sysctl hw.realmem | cut -d' ' -f2`);
- return array(($real/1024),($avail/1024));
+ /* convert from bytes to megabytes */
+ return array(($real/1048576),($avail/1048576));
}
}
diff --git a/etc/shells b/etc/shells
index 896cfa7..3ccb4dc 100644
--- a/etc/shells
+++ b/etc/shells
@@ -8,4 +8,5 @@
/bin/csh
/bin/tcsh
/etc/rc.initial
+/usr/local/sbin/ssh_tunnel_shell
diff --git a/usr/share/skel/dot.tcshrc b/etc/skel/dot.tcshrc
index 97ca003..97ca003 100644
--- a/usr/share/skel/dot.tcshrc
+++ b/etc/skel/dot.tcshrc
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index dca3d12..5835bd2 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -267,7 +267,7 @@ if ($_POST) {
$address = array_merge($address, $rangesubnets);
} else {
$tmpaddress = $_POST["address{$x}"];
- if(($_POST['type'] == "network" || is_ipaddr($_POST["address{$x}"])) && $_POST["address_subnet{$x}"] <> "")
+ if(is_ipaddr($_POST["address{$x}"]) && $_POST["address_subnet{$x}"] <> "")
$tmpaddress .= "/" . $_POST["address_subnet{$x}"];
$address[] = $tmpaddress;
}
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index d7ed094..4966e14 100755
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -77,6 +77,7 @@ if (isset($id) && $a_1to1[$id]) {
else
$pconfig['subnet'] = $a_1to1[$id]['subnet'];
$pconfig['descr'] = $a_1to1[$id]['descr'];
+ $pconfig['natreflection'] = $a_1to1[$id]['natreflection'];
} else {
$pconfig['subnet'] = 32;
$pconfig['interface'] = "wan";
@@ -123,6 +124,11 @@ if ($_POST) {
$natent['descr'] = $_POST['descr'];
$natent['interface'] = $_POST['interface'];
+ if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable")
+ $natent['natreflection'] = $_POST['natreflection'];
+ else
+ unset($natent['natreflection']);
+
if (isset($id) && $a_1to1[$id])
$a_1to1[$id] = $natent;
else
@@ -156,7 +162,32 @@ include("head.inc");
<td width="78%" class="vtable">
<select name="interface" class="formselect">
<?php
- $interfaces = get_configured_interface_with_descr();
+ $iflist = get_configured_interface_with_descr();
+ foreach ($iflist as $if => $ifdesc)
+ if(have_ruleint_access($if))
+ $interfaces[$if] = $ifdesc;
+
+ if ($config['l2tp']['mode'] == "server")
+ if(have_ruleint_access("l2tp"))
+ $interfaces['l2tp'] = "L2TP VPN";
+
+ if ($config['pptpd']['mode'] == "server")
+ if(have_ruleint_access("pptp"))
+ $interfaces['pptp'] = "PPTP VPN";
+
+ if ($config['pppoe']['mode'] == "server")
+ if(have_ruleint_access("pppoe"))
+ $interfaces['pppoe'] = "PPPoE VPN";
+
+ /* add ipsec interfaces */
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
+ if(have_ruleint_access("enc0"))
+ $interfaces["enc0"] = "IPsec";
+
+ /* add openvpn/tun interfaces */
+ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
+ $interfaces["openvpn"] = "OpenVPN";
+
foreach ($interfaces as $iface => $ifacename):
?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
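Review bot: The OpenVPN entry is added to `$interfaces` without the `have_ruleint_access()` test that guards every other entry in this block, so a user restricted to specific rule interfaces is still offered it. If that is not intended, `if(have_ruleint_access("openvpn"))` belongs in front of the assignment; the same OpenVPN lines appear in firewall_nat_edit.php and firewall_nat_out_edit.php in this commit. `$interfaces` is also never initialised before the first `$interfaces[$if] = $ifdesc`, so when no interface passes the access test the `foreach` below iterates an undefined variable; `$interfaces = array();` before the loop avoids that. With this block now copied into three pages, a shared helper would keep the lists from drifting.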
@@ -195,6 +226,16 @@ include("head.inc");
<br> <span class="vexpl">You may enter a description here
for your reference (not parsed).</span></td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">NAT reflection</td>
+ <td width="78%" class="vtable">
+ <select name="natreflection" class="formselect">
+ <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "disable") echo "selected"; ?>>use system default</option>
+ <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected"; ?>>enable</option>
+ <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected"; ?>>disable</option>
+ </select>
+ </td>
+ </tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 719e32f..3f06928 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -84,6 +84,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id'];
$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
+ $pconfig['natreflection'] = $a_nat[$id]['natreflection'];
if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
@@ -315,6 +316,11 @@ if ($_POST) {
else
unset($natent['nosync']);
+ if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable")
+ $natent['natreflection'] = $_POST['natreflection'];
+ else
+ unset($natent['natreflection']);
+
// If we used to have an associated filter rule, but no-longer should have one
if (!empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) {
// Delete the previous rule
@@ -456,6 +462,10 @@ include("fbegin.inc"); ?>
if(have_ruleint_access($if))
$interfaces[$if] = $ifdesc;
+ if ($config['l2tp']['mode'] == "server")
+ if(have_ruleint_access("l2tp"))
+ $interfaces['l2tp'] = "L2TP VPN";
+
if ($config['pptpd']['mode'] == "server")
if(have_ruleint_access("pptp"))
$interfaces['pptp'] = "PPTP VPN";
@@ -469,6 +479,10 @@ include("fbegin.inc"); ?>
if(have_ruleint_access("enc0"))
$interfaces["enc0"] = "IPsec";
+ /* add openvpn/tun interfaces */
+ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
+ $interfaces["openvpn"] = "OpenVPN";
+
foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
<?=htmlspecialchars($ifacename);?>
@@ -741,6 +755,16 @@ include("fbegin.inc"); ?>
HINT: This prevents the rule from automatically syncing to other CARP members.
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">NAT reflection</td>
+ <td width="78%" class="vtable">
+ <select name="natreflection" class="formselect">
+ <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "disable") echo "selected"; ?>>use system default</option>
+ <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected"; ?>>enable</option>
+ <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected"; ?>>disable</option>
+ </select>
+ </td>
+ </tr>
<?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
<tr>
<td width="22%" valign="top" class="vncell">Filter rule association</td>
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index df0487f..b1e7a64 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -318,7 +318,32 @@ function sourcesel_change() {
<td width="78%" class="vtable">
<select name="interface" class="formselect">
<?php
- $interfaces = get_configured_interface_with_descr(false, true);
+ $iflist = get_configured_interface_with_descr(false, true);
+ foreach ($iflist as $if => $ifdesc)
+ if(have_ruleint_access($if))
+ $interfaces[$if] = $ifdesc;
+
+ if ($config['l2tp']['mode'] == "server")
+ if(have_ruleint_access("l2tp"))
+ $interfaces['l2tp'] = "L2TP VPN";
+
+ if ($config['pptpd']['mode'] == "server")
+ if(have_ruleint_access("pptp"))
+ $interfaces['pptp'] = "PPTP VPN";
+
+ if ($config['pppoe']['mode'] == "server")
+ if(have_ruleint_access("pppoe"))
+ $interfaces['pppoe'] = "PPPoE VPN";
+
+ /* add ipsec interfaces */
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
+ if(have_ruleint_access("enc0"))
+ $interfaces["enc0"] = "IPsec";
+
+ /* add openvpn/tun interfaces */
+ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
+ $interfaces["openvpn"] = "OpenVPN";
+
foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
<?=htmlspecialchars($ifacename);?>
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 4d6283b..94fd82f 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -492,7 +492,8 @@ if ($_POST) {
unset($wancfg['provider']);
unset($wancfg['ondemand']);
unset($wancfg['timeout']);
- unset($wancfg['pppoe']['pppoe-reset-type']);
+ if (isset($wancfg['pppoe']['pppoe-reset-type']))
+ unset($wancfg['pppoe']['pppoe-reset-type']);
unset($wancfg['local']);
unset($wancfg['subnet']);
unset($wancfg['remote']);
diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php
index 840d6bf..c853c91 100644
--- a/usr/local/www/system_advanced_admin.php
+++ b/usr/local/www/system_advanced_admin.php
@@ -55,6 +55,8 @@ $pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref'];
$pconfig['disablehttpredirect'] = isset($config['system']['disablehttpredirect']);
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
+$pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']);
+$pconfig['althostnames'] = $config['system']['webgui']['althostnames'];
$pconfig['enableserial'] = $config['system']['enableserial'];
$pconfig['enablesshd'] = $config['system']['enablesshd'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
@@ -79,6 +81,13 @@ if ($_POST) {
if(!is_port($_POST['webguiport']))
$input_errors[] = gettext("You must specify a valid webConfigurator port number");
+ if ($_POST['althostnames']) {
+ $althosts = explode(" ", $_POST['althostnames']);
+ foreach ($althosts as $ah)
+ if (!is_hostname($ah))
+ $input_errors[] = gettext("Alternate hostname " . htmlspecialchars($ah) . " is not a valid hostname.");
+ }
+
if ($_POST['sshport'])
if(!is_port($_POST['sshport']))
$input_errors[] = gettext("You must specify a valid port number");
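Review bot: The alternate-hostname error message is assembled inside `gettext()`, so the lookup key changes with every hostname and no translation can ever match. Use `sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah))` instead. Splitting on a single space also turns a doubled or trailing space into an empty entry, which is then reported as an invalid hostname; `preg_split('/\s+/', trim($_POST['althostnames']))` avoids that. The enclosing `if ($_POST)` block starts and ends outside this hunk, so whether `$input_errors` stops the save further down cannot be confirmed from here.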
@@ -126,6 +135,16 @@ if ($_POST) {
else
unset($config['system']['enableserial']);
+ if ($_POST['nodnsrebindcheck'] == "yes")
+ $config['system']['webgui']['nodnsrebindcheck'] = true;
+ else
+ unset($config['system']['webgui']['nodnsrebindcheck']);
+
+ if ($_POST['althostnames'])
+ $config['system']['webgui']['althostnames'] = $_POST['althostnames'];
+ else
+ unset($config['system']['webgui']['althostnames']);
+
$sshd_enabled = $config['system']['enablesshd'];
if($_POST['enablesshd'])
$config['system']['enablesshd'] = "enabled";
@@ -316,6 +335,29 @@ function prot_change() {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("DNS Rebind Check"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="nodnsrebindcheck" type="checkbox" id="nodnsrebindcheck" value="yes" <?php if ($pconfig['nodnsrebindcheck']) echo "checked"; ?> />
+ <strong><?=gettext("Disable webConfigurator DNS Rebinding Checks"); ?></strong>
+ <br/>
+ <?php echo gettext("When this is unchecked, access to the webConfigurator " .
+ "is protected against <a href=\"http://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding attacks</a>. " .
+ "Check this box to disable this protection if you find that it interferes with " .
+ "webConfigurator access in certain corner cases. "); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Alternate Hostnames"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="althostnames" type="text" class="formfld unknown" id="althostnames" size="75" value="<?=htmlspecialchars($pconfig['althostnames']);?>"/>
+ <br/>
+ <strong><?=gettext("Alternate Hostnames for DNS Rebinding Checks"); ?></strong>
+ <br/>
+ <?php echo gettext("Here you can specify alternate hostnames by which the router may be queried, to " .
+ "bypass the DNS Rebinding Attack checks. Separate hostnames with spaces."); ?>
+ </td>
+ </tr>
+ <tr>
<td colspan="2" class="list" height="12">&nbsp;</td>
</tr>
<tr>