Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r-- | etc/inc/auth.inc | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 75bb08f..d0b261a 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -80,6 +80,20 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
 $http_host == $config['system']['hostname'])
 $found_host = true;
+ /* Check against locally configured IP addresses, which will catch when someone
+ port forwards WebGUI access from WAN to an internal IP on the router. */
+ if ($found_host == false) {
+ global $FilterIflist;
+ if (empty($FilterIflist)) {
+ require_once('filter.inc');
+ require_once('shaper.inc');
+ filter_generate_optcfg_array();
+ }
+ foreach ($FilterIflist as $iflist)
+ if($iflist['ip'] == $http_host)
+ $found_host = true;
+ }
+
 if($found_host == false) {
 display_error_form("501", "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding");
 exit; |
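Review bot: The added `foreach` compares `$iflist['ip'] == $http_host` loosely and without checking that the entry has an address, so an interface with no `ip` value (if `$FilterIflist` can hold one) would compare equal to an empty `$http_host` and set `$found_host`, skipping the rebind error. How `$http_host` is derived is outside this hunk, so it needs confirming there whether it can be empty or carry a `:port` suffix that would never match an interface address. I would write the test as `if (!empty($iflist['ip']) && $iflist['ip'] === $http_host) { $found_host = true; break; }` and put braces on the `foreach`, since the nested brace-less `foreach`/`if` is easy to misread. The enclosing `if (function_exists("display_error_form") ...` block starts before the hunk and continues after it.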