-rw-r--r-- | etc/inc/auth.inc | 18 |
1 files changed, 2 insertions, 16 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index d0b261a..504b241 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -60,8 +60,8 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
 } else {
 $http_host = $_SERVER['HTTP_HOST'];
 }
- if(($http_host == "localhost" or $_SERVER['SERVER_ADDR'] == "localhost") or
- ($http_host == "127.0.0.1" or $_SERVER['SERVER_ADDR'] == "127.0.0.1"))
+ if(is_ipaddr($http_host) or $_SERVER['SERVER_ADDR'] == "127.0.0.1" or
+ $http_host == "localhost" or $_SERVER['SERVER_ADDR'] == "localhost")
 $found_host = true;
 if($config['dyndnses']['dyndns'])
 foreach($config['dyndnses']['dyndns'] as $dyndns)
@@ -80,20 +80,6 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
 $http_host == $config['system']['hostname'])
 $found_host = true;
 
- /* Check against locally configured IP addresses, which will catch when someone
- port forwards WebGUI access from WAN to an internal IP on the router. */
- if ($found_host == false) {
- global $FilterIflist;
- if (empty($FilterIflist)) {
- require_once('filter.inc');
- require_once('shaper.inc');
- filter_generate_optcfg_array();
- }
- foreach ($FilterIflist as $iflist)
- if($iflist['ip'] == $http_host)
- $found_host = true;
- }
-
 if($found_host == false) {
 display_error_form("501", "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding"); exit; |
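Review bot: The two `$_SERVER['SERVER_ADDR']` comparisons kept in the rewritten condition of the first hunk set `$found_host` without looking at the Host header at all, so a request that reaches the web server on a loopback address passes the rebinding check whatever name the browser sent; `$_SERVER['SERVER_ADDR'] == "localhost"` also looks unable to match if SERVER_ADDR is always a numeric address. If nothing depends on those clauses, validating only the client-supplied name would be tighter: `if (is_ipaddr($http_host) or $http_host == "localhost")`. The new `is_ipaddr()` test also deserves a comment such as `/* An IP-literal Host cannot be the result of a rebound DNS name, so it is accepted as-is */`, which would record why the interface-address lookup deleted in the second hunk is no longer needed. Whether `is_ipaddr()` accepts a bracketed IPv6 literal or a value that still carries a port is not visible here and should be confirmed, since the branch that derives `$http_host` starts outside the hunk.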