Skip to content
Snippets Groups Projects
Commit d2562f45 authored by Daniel Gerhardt's avatar Daniel Gerhardt
Browse files

Merge branch 'headercheck-localhost-ipv6' into '2.x' 

Also block local access using IPv6

See merge request !63
parents 1d40e8d6 7dd0573b
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/main/java/de/thm/arsnova/controller/WelcomeController.java
+ 1
1
View file @ d2562f45
......@@ -85,7 +85,7 @@ public class WelcomeController extends AbstractController {
final HttpServletRequest request
) {
/* Block requests from the server itself to prevent DoS attacks caused by request loops */
if ("127.0.0.1".equals(request.getRemoteAddr())) {
if ("127.0.0.1".equals(request.getRemoteAddr()) || "::1".equals(request.getRemoteAddr())) {
throw new BadRequestException("Access to localhost not allowed.");
}
/* Block requests to servers in private networks */
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment