| 58 |
58 |
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
|
| 59 |
59 |
$pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']);
|
| 60 |
60 |
$pconfig['nohttpreferercheck'] = isset($config['system']['webgui']['nohttpreferercheck']);
|
|
61 |
$pconfig['beast_protection'] = isset($config['system']['webgui']['beast_protection']);
|
| 61 |
62 |
$pconfig['noautocomplete'] = isset($config['system']['webgui']['noautocomplete']);
|
| 62 |
63 |
$pconfig['althostnames'] = $config['system']['webgui']['althostnames'];
|
| 63 |
64 |
$pconfig['enableserial'] = $config['system']['enableserial'];
|
| ... | ... | |
| 166 |
167 |
else
|
| 167 |
168 |
unset($config['system']['webgui']['nohttpreferercheck']);
|
| 168 |
169 |
|
|
170 |
if ($_POST['beast_protection'] == "yes")
|
|
171 |
$config['system']['webgui']['beast_protection'] = true;
|
|
172 |
else
|
|
173 |
unset($config['system']['webgui']['beast_protection']);
|
|
174 |
|
| 169 |
175 |
if ($_POST['noautocomplete'] == "yes")
|
| 170 |
176 |
$config['system']['webgui']['noautocomplete'] = true;
|
| 171 |
177 |
else
|
| ... | ... | |
| 239 |
245 |
}
|
| 240 |
246 |
}
|
| 241 |
247 |
|
|
248 |
unset($hwcrypto);
|
|
249 |
$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");
|
|
250 |
if ($fd) {
|
|
251 |
while (!feof($fd)) {
|
|
252 |
$dmesgl = fgets($fd);
|
|
253 |
if (preg_match("/^hifn.: (.*?),/", $dmesgl, $matches)) {
|
|
254 |
unset($pconfig['beast_protection']);
|
|
255 |
$disable_beast_option = "disabled";
|
|
256 |
$hwcrypto = $matches[1];
|
|
257 |
break;
|
|
258 |
}
|
|
259 |
}
|
|
260 |
fclose($fd);
|
|
261 |
}
|
|
262 |
|
| 242 |
263 |
$pgtitle = array(gettext("System"),gettext("Advanced: Admin Access"));
|
| 243 |
264 |
include("head.inc");
|
| 244 |
265 |
|
| ... | ... | |
| 450 |
471 |
"webConfigurator access in certain corner cases such as using external scripts to interact with this system. More information on HTTP_REFERER is available from <a target='_blank' href='http://en.wikipedia.org/wiki/HTTP_referrer'>Wikipedia</a>."); ?>
|
| 451 |
472 |
</td>
|
| 452 |
473 |
</tr>
|
|
474 |
<tr>
|
|
475 |
<td width="22%" valign="top" class="vncell"><?=gettext("BEAST Attack Protection"); ?></td>
|
|
476 |
<td width="78%" class="vtable">
|
|
477 |
<input name="beast_protection" type="checkbox" id="beast_protection" value="yes" <?php if ($pconfig['beast_protection']) echo "checked=\"checked\""; ?> <?= $disable_beast_option ?>/>
|
|
478 |
<strong><?=gettext("Mitigate the BEAST SSL Attack"); ?></strong>
|
|
479 |
<br/>
|
|
480 |
<?php echo gettext("When this is checked, the webConfigurator can mitigate BEAST SSL attacks. ") ?>
|
|
481 |
<br/>
|
|
482 |
<?php if ($disable_beast_option) {
|
|
483 |
echo "<br/>" . sprintf(gettext("This option has been automatically disabled because a conflicting cryptographic accelerator card has been detected (%s)."), $hwcrypto) . "<br/><br/>";
|
|
484 |
} ?>
|
|
485 |
<?php echo gettext("This option is off by default because Hifn accelerators do NOT work with this option, and the GUI will not function. " .
|
|
486 |
"It is possible that other accelerators have a similar problem that is not yet known/documented. " .
|
|
487 |
"More information on BEAST is available from <a target='_blank' href='https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack'>Wikipedia</a>."); ?>
|
|
488 |
</td>
|
|
489 |
</tr>
|
| 453 |
490 |
<tr>
|
| 454 |
491 |
<td colspan="2" class="list" height="12"> </td>
|
| 455 |
492 |
</tr>
|
Added by Jim Pingle about 12 years ago
Disable the BEAST protection by default because the GUI will break if you use this and have a Hifn card installed. Others may break similarly. Change it into a checkbox option, off by default, and automatically disable it if a conflicting card has been detected.