From 1ba06f4465d3bbc42e6c05f9ebf380bf22574c36 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Thu, 1 Jul 2010 17:25:17 -0400
Subject: Comment what we are doing here and add the ticket #.

---
 etc/inc/auth.inc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'etc/inc/auth.inc')

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index b2f3d91..f295e8b 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -49,6 +49,7 @@
 
 require_once("config.gui.inc");
 
+/* DNS Binding attack prevention.  http://redmine.pfsense.org/issues/708 */
 if ($_SERVER['HTTP_HOST'] != $config['system']['hostname'] . "." . $config['system']['domain'] and
 	$_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] and 
 	$_SERVER['HTTP_HOST'] != $config['system']['hostname']) {
-- 
cgit v1.1