Commit d2562f45 authored by Daniel Gerhardt's avatar Daniel Gerhardt
Browse files

Merge branch 'headercheck-localhost-ipv6' into '2.x'

Also block local access using IPv6

See merge request !63
parents 1d40e8d6 7dd0573b
......@@ -85,7 +85,7 @@ public class WelcomeController extends AbstractController {
final HttpServletRequest request
) {
/* Block requests from the server itself to prevent DoS attacks caused by request loops */
if ("".equals(request.getRemoteAddr())) {
if ("".equals(request.getRemoteAddr()) || "::1".equals(request.getRemoteAddr())) {
throw new BadRequestException("Access to localhost not allowed.");
/* Block requests to servers in private networks */
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment