diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2010-07-01 17:12:56 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-07-01 17:12:56 -0400 |
commit | ce46b5da400edb5fcfb3f72afaa38a86459bf827 (patch) | |
tree | 470845fd8243d457c8cc29da1c9563099be39b9c /etc/inc/auth.inc | |
parent | 88809d25da51ccd474f503681a5848a1a489d37c (diff) | |
download | pfsense-ce46b5da400edb5fcfb3f72afaa38a86459bf827.zip pfsense-ce46b5da400edb5fcfb3f72afaa38a86459bf827.tar.gz |
More dns-rebind checks. Ticket #708
Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r-- | etc/inc/auth.inc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 0af0594..b2f3d91 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -49,6 +49,13 @@ require_once("config.gui.inc"); +if ($_SERVER['HTTP_HOST'] != $config['system']['hostname'] . "." . $config['system']['domain'] and + $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] and + $_SERVER['HTTP_HOST'] != $config['system']['hostname']) { + display_error_form("501", "DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding"); + exit; +} + $groupindex = index_groups(); $userindex = index_users(); @@ -1181,4 +1188,4 @@ function session_auth() { return true; } -?> +?>
\ No newline at end of file |