Project

General

Profile

Actions

Bug #708

closed

Need more checks for dns rebind issue

Added by Scott Ullrich over 14 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
Start date:
07/01/2010
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

I just committed a change for --stop-dns-rebind on dnsmasq but we need to go a bit further on our checks in auth.inc:

The --stop-dns-rebind option for DNSMasq is definitely a good one to enable,
but I would also suggest validating HTTP host headers. If the router
receives an HTTP request and the Host header doesn't match the router's IP
address or host name (assuming it has a host name), then it should block the
request or redirect the client to an error page.

Actions

Also available in: Atom PDF