Revision 1ba06f44
Added by Scott Ullrich about 15 years ago
etc/inc/auth.inc | ||
---|---|---|
49 | 49 |
|
50 | 50 |
require_once("config.gui.inc"); |
51 | 51 |
|
52 |
/* DNS Binding attack prevention. http://redmine.pfsense.org/issues/708 */ |
|
52 | 53 |
if ($_SERVER['HTTP_HOST'] != $config['system']['hostname'] . "." . $config['system']['domain'] and |
53 | 54 |
$_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] and |
54 | 55 |
$_SERVER['HTTP_HOST'] != $config['system']['hostname']) { |
Also available in: Unified diff
Comment what we are doing here and add the ticket #.