summaryrefslogtreecommitdiffstats
path: root/etc/inc/auth.inc
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2010-07-01 17:12:56 -0400
committerScott Ullrich <sullrich@pfsense.org>2010-07-01 17:12:56 -0400
commitce46b5da400edb5fcfb3f72afaa38a86459bf827 (patch)
tree470845fd8243d457c8cc29da1c9563099be39b9c /etc/inc/auth.inc
parent88809d25da51ccd474f503681a5848a1a489d37c (diff)
downloadpfsense-ce46b5da400edb5fcfb3f72afaa38a86459bf827.zip
pfsense-ce46b5da400edb5fcfb3f72afaa38a86459bf827.tar.gz
More dns-rebind checks. Ticket #708
Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r--etc/inc/auth.inc9
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 0af0594..b2f3d91 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -49,6 +49,13 @@
require_once("config.gui.inc");
+if ($_SERVER['HTTP_HOST'] != $config['system']['hostname'] . "." . $config['system']['domain'] and
+ $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] and
+ $_SERVER['HTTP_HOST'] != $config['system']['hostname']) {
+ display_error_form("501", "DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding");
+ exit;
+}
+
$groupindex = index_groups();
$userindex = index_users();
@@ -1181,4 +1188,4 @@ function session_auth() {
return true;
}
-?>
+?> \ No newline at end of file
OpenPOWER on IntegriCloud