author | Scott Ullrich <sullrich@pfsense.org> | 2010-07-06 11:51:47 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-07-06 11:51:47 -0400 |
commit | 9b13f84b4f71bbb4238492cf497c2e176c216154 (patch) | |
tree | 329193a9f1eb110118d6ada058b6cfab5dd7273c /etc | |
parent | 15409667f720dd1191219c5a32d01e6562f74e8f (diff) | |
Check dyndns hostnames as well for DNS Rebind issues
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/auth.inc | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 4793b3a..fd597ab 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -50,11 +50,18 @@ require_once("config.gui.inc");
 /* DNS ReBinding attack prevention. http://redmine.pfsense.org/issues/708 */
-if ($_SERVER['HTTP_HOST'] != $config['system']['hostname'] . "." . $config['system']['domain'] and
- $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] and
- $_SERVER['HTTP_HOST'] != $config['system']['hostname']) {
- display_error_form("501", "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding");
- exit;
+$found_host = false;
+if($config['dyndns'])
+ foreach($config['dyndns'] as $dyndns)
+ if($dyndns['host'] == $_SERVER['HTTP_HOST'] or $dyndns['host'] == $_SERVER['SERVER_ADDR'])
+ $found_host = true;
+if($found_host == false) {
+ if ($_SERVER['HTTP_HOST'] != $config['system']['hostname'] . "." . $config['system']['domain'] and
+ $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] and
+ $_SERVER['HTTP_HOST'] != $config['system']['hostname']) {
+ display_error_form("501", "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding");
+ exit;
+ }
 }
 $groupindex = index_groups(); |
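Review bot: The dyndns allow-list match inside the new `foreach` uses loose `==`, and its second arm (`$dyndns['host'] == $_SERVER['SERVER_ADDR']`) never looks at the Host header, so it can set `$found_host` without validating the one value the rebind check exists to verify. An entry whose `host` is missing or empty would also compare equal to an absent or empty `HTTP_HOST` and skip the check entirely. I would match only non-empty names against the header, case-insensitively, and stop at the first hit: `if (!empty($dyndns['host']) && strcasecmp($dyndns['host'], $_SERVER['HTTP_HOST']) == 0) { $found_host = true; break; }`. The shape of `$config['dyndns']` is not visible on this page; if it is not a list of entries each carrying a `host` key, the loop would index scalars instead, so that is worth confirming before relying on it. Braces on the nested `if`/`foreach` would also make the scope of the bypass explicit.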