From f17f9f2891b459e3f119ced5857469b96c57dde9 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 9 Jul 2010 09:19:03 -0400
Subject: Bypass the DNS Rebind attack checks if accessing by IP address.

---
 etc/inc/auth.inc | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index d0b261a..504b241 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -60,8 +60,8 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
 	} else {
 		$http_host = $_SERVER['HTTP_HOST'];
 	}
-	if(($http_host == "localhost" or $_SERVER['SERVER_ADDR'] == "localhost") or
-	   ($http_host == "127.0.0.1" or $_SERVER['SERVER_ADDR'] == "127.0.0.1"))
+	if(is_ipaddr($http_host) or $_SERVER['SERVER_ADDR'] == "127.0.0.1" or
+	   $http_host == "localhost" or $_SERVER['SERVER_ADDR'] == "localhost")
 		$found_host = true;
 	if($config['dyndnses']['dyndns'])
 		foreach($config['dyndnses']['dyndns'] as $dyndns)
@@ -80,20 +80,6 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
 			$http_host == $config['system']['hostname'])
 		$found_host = true;
 
-	/* Check against locally configured IP addresses, which will catch when someone 
-	   port forwards WebGUI access from WAN to an internal IP on the router. */
-	if ($found_host == false) {
-		global $FilterIflist;
-		if (empty($FilterIflist)) {
-			require_once('filter.inc');
-			require_once('shaper.inc');
-			filter_generate_optcfg_array();
-		}
-		foreach ($FilterIflist as $iflist)
-			if($iflist['ip'] == $http_host)
-				$found_host = true;
-	}
-
 	if($found_host == false) {
 		display_error_form("501", "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding");
 		exit;
-- 
cgit v1.1