diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-10 11:56:23 -0500 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-10 11:56:23 -0500 |
| commit | 4fe9c2dcf1c90253b2b6a70e67b06c76ff251b35 (patch) | |
| tree | de12a5d01033d4ce859e311b743d23b138b3ba12 /usr/local/www/system_advanced_admin.php | |
| parent | daab67a170ddf38a76605e32a56874780e82b62d (diff) | |
| download | pfsense-4fe9c2dcf1c90253b2b6a70e67b06c76ff251b35.zip pfsense-4fe9c2dcf1c90253b2b6a70e67b06c76ff251b35.tar.gz | |
* Adding function get_configured_ip_addresses() which returns all interfaces and their configured IP address
* Add checkbox to System -> Advanced -> Admin for HTTP_REFERER checks
* Add and enforce HTTP_REFERER check if checkbox is not checked.
This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
Diffstat (limited to 'usr/local/www/system_advanced_admin.php')
| -rw-r--r-- | usr/local/www/system_advanced_admin.php | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index f34d1c7..7875802 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php @@ -3,7 +3,7 @@ /* system_advanced_admin.php part of pfSense - Copyright (C) 2005-2007 Scott Ullrich + Copyright (C) 2005-2010 Scott Ullrich Copyright (C) 2008 Shrew Soft Inc @@ -56,6 +56,7 @@ $pconfig['disablehttpredirect'] = isset($config['system']['webgui']['disablehttp $pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']); $pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']); $pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']); +$pconfig['nohttpreferercheck'] = isset($config['system']['webgui']['nohttpreferercheck']); $pconfig['althostnames'] = $config['system']['webgui']['althostnames']; $pconfig['enableserial'] = $config['system']['enableserial']; $pconfig['enablesshd'] = $config['system']['enablesshd']; @@ -140,6 +141,11 @@ if ($_POST) { else unset($config['system']['webgui']['nodnsrebindcheck']); + if ($_POST['nohttpreferercheck'] == "yes") + $config['system']['webgui']['nohttpreferercheck'] = true; + else + unset($config['system']['webgui']['nohttpreferercheck']); + if ($_POST['althostnames']) $config['system']['webgui']['althostnames'] = $_POST['althostnames']; else @@ -360,6 +366,18 @@ function prot_change() { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Browser HTTP_REFERER enforcement"); ?></td> + <td width="78%" class="vtable"> + <input name="nohttpreferercheck" type="checkbox" id="nohttpreferercheck" value="yes" <?php if ($pconfig['nohttpreferercheck']) echo "checked"; ?> /> + <strong><?=gettext("Disable HTTP_REFERER enforcement check"); ?></strong> + <br/> + <?php echo gettext("When this is unchecked, access to the webConfigurator " . + "is protected against HTTP_REFERER redirection attempts. " . + "Check this box to disable this protection if you find that it interferes with " . + "webConfigurator access in certain corner cases such as using 3rd party scripts to interact with pfSense. More information on HTTP_REFERER is available from <a href='http://en.wikipedia.org/wiki/HTTP_referrer'>Wikipedia</a>."); ?> + </td> + </tr> + <tr> <td colspan="2" class="list" height="12"> </td> </tr> <tr> |
