From c214692f661488df30eaf00ca85da94a5ecc1e14 Mon Sep 17 00:00:00 2001
From: redmatrix <git@macgirvin.com>
Date: Thu, 28 Jan 2016 17:06:13 -0800
Subject: add peer filtering to all .well-known services

---
 boot.php            |  3 ++-
 mod/_well_known.php | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/boot.php b/boot.php
index 76baba361..4b49cacb5 100755
--- a/boot.php
+++ b/boot.php
@@ -863,7 +863,7 @@ class App {
 			&& array_key_exists('baseurl',$this->config['system'])
 			&& strlen($this->config['system']['baseurl'])) {
 			$url = $this->config['system']['baseurl'];
-
+			$url = trim($url,'\\/');
 			return $url;
 		}
 
@@ -881,6 +881,7 @@ class App {
 			&& array_key_exists('baseurl',$this->config['system'])
 			&& strlen($this->config['system']['baseurl'])) {
 			$url = $this->config['system']['baseurl'];
+			$url = trim($url,'\\/');
 		}
 
 		$parsed = @parse_url($url);
diff --git a/mod/_well_known.php b/mod/_well_known.php
index 58ed13ece..47cfe1512 100644
--- a/mod/_well_known.php
+++ b/mod/_well_known.php
@@ -7,6 +7,22 @@ function _well_known_init(&$a){
 		$arr = array('server' => $_SERVER, 'request' => $_REQUEST);
 		call_hooks('well_known', $arr);
 
+
+		if(! check_siteallowed($_SERVER['REMOTE_ADDR'])) {
+			logger('well_known: site not allowed. ' . $_SERVER['REMOTE_ADDR']);
+			killme();
+		}
+
+		// from php.net re: REMOTE_HOST:
+		//     Note: Your web server must be configured to create this variable. For example in Apache 
+		// you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr(). 
+
+		if(get_config('system','siteallowed_remote_host') && (! check_siteallowed($_SERVER['REMOTE_HOST']))) {
+			logger('well_known: site not allowed. ' . $_SERVER['REMOTE_HOST']);
+			killme();
+		}
+
+
 		switch(argv(1)) {
 			case 'zot-info':
 				$a->argc -= 1;
-- 
cgit v1.2.3