diff options
| author | Jo-Philipp Wich <jow@openwrt.org> | 2010-08-11 00:05:34 +0000 |
|---|---|---|
| committer | Jo-Philipp Wich <jow@openwrt.org> | 2010-08-11 00:05:34 +0000 |
| commit | c942ea2cfaa42d9fc56e6fcdf0f60591a1548368 (patch) | |
| tree | 446e864b34860bf49d334ae4d35d43cbf93b2b09 /package/uhttpd/files | |
| parent | 1f1b09775981241b9a96160a2386c73d2e734f1c (diff) | |
| download | upstream-c942ea2cfaa42d9fc56e6fcdf0f60591a1548368.tar.gz upstream-c942ea2cfaa42d9fc56e6fcdf0f60591a1548368.tar.bz2 upstream-c942ea2cfaa42d9fc56e6fcdf0f60591a1548368.zip | |
[package] uhttpd: add option to reject requests from RFC1918 IPs to public server IPs (DNS rebinding countermeasure)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22589 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/uhttpd/files')
| -rw-r--r-- | package/uhttpd/files/uhttpd.config | 5 | ||||
| -rwxr-xr-x | package/uhttpd/files/uhttpd.init | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/package/uhttpd/files/uhttpd.config b/package/uhttpd/files/uhttpd.config index acdd62ea4e..534e8f8b29 100644 --- a/package/uhttpd/files/uhttpd.config +++ b/package/uhttpd/files/uhttpd.config @@ -12,6 +12,11 @@ config uhttpd main # Server document root option home /www + # Reject requests from RFC1918 IP addresses + # directed to the servers public IP(s). + # This is a DNS rebinding countermeasure. + option rfc1918_filter 1 + # Certificate and private key for HTTPS. # If no listen_https addresses are given, # the key options are ignored. diff --git a/package/uhttpd/files/uhttpd.init b/package/uhttpd/files/uhttpd.init index d543dd84b9..b00b2e281b 100755 --- a/package/uhttpd/files/uhttpd.init +++ b/package/uhttpd/files/uhttpd.init @@ -75,6 +75,7 @@ start_instance() append_bool "$cfg" no_symlinks "-S" 0 append_bool "$cfg" no_dirlists "-D" 0 + append_bool "$cfg" rfc1918_filter "-R" 0 config_get http "$cfg" listen_http for listen in $http; do |