Revision 1ba06f44
Added by Scott Ullrich about 15 years ago
| etc/inc/auth.inc | ||
|---|---|---|
| 49 | 49 |
|
| 50 | 50 |
require_once("config.gui.inc");
|
| 51 | 51 |
|
| 52 |
/* DNS Binding attack prevention. http://redmine.pfsense.org/issues/708 */ |
|
| 52 | 53 |
if ($_SERVER['HTTP_HOST'] != $config['system']['hostname'] . "." . $config['system']['domain'] and |
| 53 | 54 |
$_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] and |
| 54 | 55 |
$_SERVER['HTTP_HOST'] != $config['system']['hostname']) {
|
Also available in: Unified diff
Comment what we are doing here and add the ticket #.