From c942ea2cfaa42d9fc56e6fcdf0f60591a1548368 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Wed, 11 Aug 2010 00:05:34 +0000
Subject: [package] uhttpd: add option to reject requests from RFC1918 IPs to
 public server IPs (DNS rebinding countermeasure)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22589 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/uhttpd/files/uhttpd.config | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'package/uhttpd/files/uhttpd.config')

diff --git a/package/uhttpd/files/uhttpd.config b/package/uhttpd/files/uhttpd.config
index acdd62ea4e..534e8f8b29 100644
--- a/package/uhttpd/files/uhttpd.config
+++ b/package/uhttpd/files/uhttpd.config
@@ -12,6 +12,11 @@ config uhttpd main
 	# Server document root
 	option home		/www
 
+	# Reject requests from RFC1918 IP addresses
+	# directed to the servers public IP(s).
+	# This is a DNS rebinding countermeasure.
+	option rfc1918_filter 1
+
 	# Certificate and private key for HTTPS.
 	# If no listen_https addresses are given,
 	# the key options are ignored.
-- 
cgit v1.2.3