projects
/
openwrt.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
[package] uhttpd: add option to reject requests from RFC1918 IPs to public server...
[openwrt.git]
/
package
/
uhttpd
/
src
/
uhttpd.c
diff --git
a/package/uhttpd/src/uhttpd.c
b/package/uhttpd/src/uhttpd.c
index
8272962
..
be88247
100644
(file)
--- a/
package/uhttpd/src/uhttpd.c
+++ b/
package/uhttpd/src/uhttpd.c
@@
-524,7
+524,7
@@
int main (int argc, char **argv)
#endif
while( (opt = getopt(argc, argv,
#endif
while( (opt = getopt(argc, argv,
- "fSDC:K:E:I:p:s:h:c:l:L:d:r:m:x:t:T:")) > 0
+ "fSD
R
C:K:E:I:p:s:h:c:l:L:d:r:m:x:t:T:")) > 0
) {
switch(opt)
{
) {
switch(opt)
{
@@
-648,6
+648,10
@@
int main (int argc, char **argv)
conf.no_dirlists = 1;
break;
conf.no_dirlists = 1;
break;
+ case 'R':
+ conf.rfc1918_filter = 1;
+ break;
+
#ifdef HAVE_CGI
/* cgi prefix */
case 'x':
#ifdef HAVE_CGI
/* cgi prefix */
case 'x':
@@
-728,6
+732,7
@@
int main (int argc, char **argv)
" -I string Use given filename as index page for directories\n"
" -S Do not follow symbolic links outside of the docroot\n"
" -D Do not allow directory listings, send 403 instead\n"
" -I string Use given filename as index page for directories\n"
" -S Do not follow symbolic links outside of the docroot\n"
" -D Do not allow directory listings, send 403 instead\n"
+ " -R Enable RFC1918 filter\n"
#ifdef HAVE_LUA
" -l string URL prefix for Lua handler, default is '/lua'\n"
" -L file Lua handler script, omit to disable Lua\n"
#ifdef HAVE_LUA
" -l string URL prefix for Lua handler, default is '/lua'\n"
" -L file Lua handler script, omit to disable Lua\n"
@@
-932,6
+937,14
@@
int main (int argc, char **argv)
/* parse message header */
if( (req = uh_http_header_recv(cl)) != NULL )
{
/* parse message header */
if( (req = uh_http_header_recv(cl)) != NULL )
{
+ /* RFC1918 filtering required? */
+ if( conf.rfc1918_filter && sa_rfc1918(&cl->peeraddr) &&
+ !sa_rfc1918(&cl->servaddr) )
+ {
+ uh_http_sendhf(cl, 403, "Forbidden",
+ "Rejected request from RFC1918 IP to public server address");
+ }
+ else
#ifdef HAVE_LUA
/* Lua request? */
if( L && uh_path_match(conf.lua_prefix, req->url) )
#ifdef HAVE_LUA
/* Lua request? */
if( L && uh_path_match(conf.lua_prefix, req->url) )
This page took
0.024408 seconds
and
4
git commands to generate.