-rw-r--r-- | etc/inc/authgui.inc | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index b3cd6a6..0747452 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -163,6 +163,24 @@ function display_login_form() {
 exit;
 }
+/* Check against locally configured IP addresses, which will catch when someone
+ port forwards WebGUI access from WAN to an internal IP on the router. */
+global $FilterIflist;
+$local_ip = false;
+if(strstr($_SERVER['HTTP_HOST'], ":")) {
+ $http_host_port = explode(":", $_SERVER['HTTP_HOST']);
+ $http_host = $http_host_port[0];
+} else {
+ $http_host = $_SERVER['HTTP_HOST'];
+}
+if (empty($FilterIflist)) {
+ require_once('filter.inc');
+ require_once('shaper.inc');
+ filter_generate_optcfg_array();
+}
+foreach ($FilterIflist as $iflist)
+ if($iflist['ip'] == $http_host)
+ $local_ip = true;
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
@@ -198,6 +216,8 @@ function display_login_form() {
 </head>
 <body onload="page_load()">
 <div id="login">
+ <?php if(is_ipaddr($http_host) && !$local_ip)
+ print_info_box(gettext("You are accessing this router by an IP address not configured locally, which may be forwarded by NAT or other means. <br/><br/>If you did not setup this forwarding, you may be the target of a man-in-the-middle attack.")); ?>
 <form id="iform" name="login_iform" method="post" autocomplete="off" action="<?=$_SERVER['SCRIPT_NAME'];?>">
 <h1></h1>
 <div id="inputerrors"><?=$_SESSION['Login_Error'];?></div> |
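Review bot: The port stripping in the first hunk, `explode(":", $_SERVER['HTTP_HOST'])` followed by `$http_host_port[0]`, mishandles a bracketed IPv6 literal: for a Host value like `[2001:db8::1]:443` (constructed example) `$http_host` ends up as `[`, so the later `is_ipaddr($http_host)` gate presumably fails and the warning is silently skipped. Stripping only a trailing port and the brackets would avoid that, e.g. `$http_host = trim(preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']), '[]');`. Whether `is_ipaddr()` and the `ip` entries of `$FilterIflist` cover IPv6 is not visible here, so that should be confirmed. Separately, the loop could use `===` and `break` after the first match, and `$_SERVER['HTTP_HOST']` is read without an `isset()` check. The enclosing `display_login_form()` starts and ends outside this hunk.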
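Review bot: The warning added above `<form id="iform">` is gated on `is_ipaddr($http_host)`, so a request that arrives under a hostname is never compared with the local addresses and produces no notice. If hostname access is deliberately left to another check, a comment should say so. The value under test also comes from the client-supplied Host header and the login form is still rendered below the box, so this is an advisory notice, not an access control. I would document both next to the condition, for example `/* Advisory only: $http_host is taken from the client-supplied Host header; hostname access is not checked here. */`. The two-line brace-less `if` inside the `<?php ... ?>` island would also be easier to maintain with explicit braces. `display_login_form()` continues outside the hunk.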