uhttpd: add option to reject requests from RFC1918 IPs to public server IPs (DNS rebinding countermeasure)

SVN-Revision: 22589
author: Jo-Philipp Wich <jow@openwrt.org> 2010-08-11 00:05:34 +0000
committer: Jo-Philipp Wich <jow@openwrt.org> 2010-08-11 00:05:34 +0000
commit: 3d99f030820877eb84835fb1be66a7db3f5b0c68 (patch)
tree: ab165f9195ca06e8c8b635f0edce60ce30c5a706 /package/uhttpd/files/uhttpd.config
parent: a5371dfe3909f14d45803efcfa5a85446f7954ac (diff)
download: upstream-3d99f030820877eb84835fb1be66a7db3f5b0c68.tar.gz
upstream-3d99f030820877eb84835fb1be66a7db3f5b0c68.tar.bz2
upstream-3d99f030820877eb84835fb1be66a7db3f5b0c68.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/package/uhttpd/files/uhttpd.config b/package/uhttpd/files/uhttpd.config
index acdd62ea4e..534e8f8b29 100644
--- a/package/uhttpd/files/uhttpd.config
+++ b/package/uhttpd/files/uhttpd.config
@@ -12,6 +12,11 @@ config uhttpd main
 	# Server document root
 	option home		/www
 
+	# Reject requests from RFC1918 IP addresses
+	# directed to the servers public IP(s).
+	# This is a DNS rebinding countermeasure.
+	option rfc1918_filter 1
+
 	# Certificate and private key for HTTPS.
 	# If no listen_https addresses are given,
 	# the key options are ignored.
author	Jo-Philipp Wich <jow@openwrt.org>	2010-08-11 00:05:34 +0000
committer	Jo-Philipp Wich <jow@openwrt.org>	2010-08-11 00:05:34 +0000
commit	3d99f030820877eb84835fb1be66a7db3f5b0c68 (patch)
tree	ab165f9195ca06e8c8b635f0edce60ce30c5a706 /package/uhttpd/files/uhttpd.config
parent	a5371dfe3909f14d45803efcfa5a85446f7954ac (diff)
download	upstream-3d99f030820877eb84835fb1be66a7db3f5b0c68.tar.gz upstream-3d99f030820877eb84835fb1be66a7db3f5b0c68.tar.bz2 upstream-3d99f030820877eb84835fb1be66a7db3f5b0c68.zip