diff options
author | redmatrix <git@macgirvin.com> | 2016-01-28 17:06:13 -0800 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-01-28 17:06:13 -0800 |
commit | c214692f661488df30eaf00ca85da94a5ecc1e14 (patch) | |
tree | d5d0678970b79e997a46516d71618a724a55b471 | |
parent | 35a9a468ceeb7b8e8b5ae2f026d3bdd76dff68be (diff) | |
download | volse-hubzilla-c214692f661488df30eaf00ca85da94a5ecc1e14.tar.gz volse-hubzilla-c214692f661488df30eaf00ca85da94a5ecc1e14.tar.bz2 volse-hubzilla-c214692f661488df30eaf00ca85da94a5ecc1e14.zip |
add peer filtering to all .well-known services
-rwxr-xr-x | boot.php | 3 | ||||
-rw-r--r-- | mod/_well_known.php | 16 |
2 files changed, 18 insertions, 1 deletions
@@ -863,7 +863,7 @@ class App { && array_key_exists('baseurl',$this->config['system']) && strlen($this->config['system']['baseurl'])) { $url = $this->config['system']['baseurl']; - + $url = trim($url,'\\/'); return $url; } @@ -881,6 +881,7 @@ class App { && array_key_exists('baseurl',$this->config['system']) && strlen($this->config['system']['baseurl'])) { $url = $this->config['system']['baseurl']; + $url = trim($url,'\\/'); } $parsed = @parse_url($url); diff --git a/mod/_well_known.php b/mod/_well_known.php index 58ed13ece..47cfe1512 100644 --- a/mod/_well_known.php +++ b/mod/_well_known.php @@ -7,6 +7,22 @@ function _well_known_init(&$a){ $arr = array('server' => $_SERVER, 'request' => $_REQUEST);
call_hooks('well_known', $arr);
+
+ if(! check_siteallowed($_SERVER['REMOTE_ADDR'])) {
+ logger('well_known: site not allowed. ' . $_SERVER['REMOTE_ADDR']);
+ killme();
+ }
+
+ // from php.net re: REMOTE_HOST:
+ // Note: Your web server must be configured to create this variable. For example in Apache
+ // you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr().
+
+ if(get_config('system','siteallowed_remote_host') && (! check_siteallowed($_SERVER['REMOTE_HOST']))) {
+ logger('well_known: site not allowed. ' . $_SERVER['REMOTE_HOST']);
+ killme();
+ }
+
+
switch(argv(1)) {
case 'zot-info':
$a->argc -= 1;
|