add peer filtering to all .well-known services

2016-01-28 17:06:13 -08:00 · 2016-01-28 17:06:13 -08:00 · c214692f66
commit c214692f66
parent 35a9a468ce
2 changed files with 18 additions and 1 deletions
--- a/boot.php
+++ b/boot.php
@ -863,7 +863,7 @@ class App {
 			&& array_key_exists('baseurl',$this->config['system'])
 			&& strlen($this->config['system']['baseurl'])) {
 			$url = $this->config['system']['baseurl'];
-
+			$url = trim($url,'\\/');
 			return $url;
 		}

@ -881,6 +881,7 @@ class App {
 			&& array_key_exists('baseurl',$this->config['system'])
 			&& strlen($this->config['system']['baseurl'])) {
 			$url = $this->config['system']['baseurl'];
+			$url = trim($url,'\\/');
 		}

 		$parsed = @parse_url($url);
--- a/mod/_well_known.php
+++ b/mod/_well_known.php
@ -7,6 +7,22 @@ function _well_known_init(&$a){
 		$arr = array('server' => $_SERVER, 'request' => $_REQUEST);
 		call_hooks('well_known', $arr);

+
+		if(! check_siteallowed($_SERVER['REMOTE_ADDR'])) {
+			logger('well_known: site not allowed. ' . $_SERVER['REMOTE_ADDR']);
+			killme();
+		}
+
+		// from php.net re: REMOTE_HOST:
+		//     Note: Your web server must be configured to create this variable. For example in Apache 
+		// you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr(). 
+
+		if(get_config('system','siteallowed_remote_host') && (! check_siteallowed($_SERVER['REMOTE_HOST']))) {
+			logger('well_known: site not allowed. ' . $_SERVER['REMOTE_HOST']);
+			killme();
+		}
+
+
 		switch(argv(1)) {
 			case 'zot-info':
 				$a->argc -= 1;