| |
3050 |
3050 |
@return boolean value |
| |
3051 |
3051 |
} { |
| |
3052 |
3052 |
# |
| |
3053 |
3053 |
# If the host has an non-public IP address (such as |
| |
3054 |
3054 |
# e.g. "localhost") it is regarded as "secure". The first test is |
| |
3055 |
3055 |
# the most simple case, working for all versions of NaviServer or |
| |
3056 |
3056 |
# AOLserver. |
| |
3057 |
3057 |
# |
| |
3058 |
3058 |
if {$host in {localhost 127.0.0.1 ::1}} { |
| |
3059 |
3059 |
return 1 |
| |
3060 |
3060 |
} |
| |
3061 |
3061 |
|
| |
3062 |
3062 |
set validationOk 0 |
| |
3063 |
3063 |
if {[acs::icanuse "ns_ip"]} { |
| |
3064 |
3064 |
# |
| |
3065 |
3065 |
# Check, if the address is not public. It resolves the |
| |
3066 |
3066 |
# $hostName and checks the properties of the first IP address |
| |
3067 |
3067 |
# returned. |
| |
3068 |
3068 |
# |
| |
3069 |
3069 |
set validationOk [expr {![ns_ip public [ns_addrbyhost $host]]}] |
| |
3070 |
|
|
| |
3071 |
|
} elseif {[acs::icanuse "ns_subnetmatch"]} { |
| |
3072 |
|
# |
| |
3073 |
|
# Test for older versions of NaviServer testing if value is an |
| |
3074 |
|
# IP address belonging to a "private network". |
| |
3075 |
|
# |
| |
3076 |
|
try { |
| |
3077 |
|
ns_subnetmatch 0.0.0.0/0 $host |
| |
3078 |
|
} on error {errorMsg} { |
| |
3079 |
|
set ip_address_p 0 |
| |
3080 |
|
} on ok {ip_address_p} { |
| |
3081 |
3070 |
} |
| |
3082 |
|
if {$ip_address_p} { |
| |
3083 |
|
if {[ns_subnetmatch 10.0.0.0/8 $host] |
| |
3084 |
|
|| [ns_subnetmatch 172.16.0.0/12 $host] |
| |
3085 |
|
|| [ns_subnetmatch 192.168.0.0/16 $host] |
| |
3086 |
|
|| [ns_subnetmatch fd00::/8 $host] |
| |
3087 |
|
} { |
| |
3088 |
|
return 1 |
| |
3089 |
|
} |
| |
3090 |
|
} |
| |
3091 |
|
} |
| |
3092 |
3071 |
|
| |
3093 |
3072 |
return 0 |
| |
3094 |
3073 |
} |
| |
3095 |
3074 |
|
| |
3096 |
3075 |
ad_proc -public security::validated_host_header {} { |
| |
3097 |
3076 |
@return validated host header field or empty |
| |
3098 |
3077 |
@author Gustaf Neumann |
| |
3099 |
3078 |
|
| |
3100 |
3079 |
Protect against faked or invalid host header fields. Host header |
| |
3101 |
3080 |
attacks can lead to web-cache poisoning and password reset attacks |
| |
3102 |
3081 |
(for more details, see e.g. |
| |
3103 |
3082 |
http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html) |
| |
3104 |
3083 |
or to unintended redirects to different sites. |
| |
3105 |
3084 |
|
| |
3106 |
3085 |
The validated host header most be syntactically correct, and it |
| |
3107 |
3086 |
must be either configured/white-listed or it must be from a |
| |
3108 |
3087 |
non-routable IP address. White-listed hosts are taken from the |
| |
3109 |
3088 |
alternate host names specified in the "ns/module/DRIVER/servers" |
| |
3110 |
3089 |
section, or via the configuration variable "hostname" (e.g., |
| |
3111 |
3090 |
"openacs.org www.openacs.org") which is added the the "/server" |
