github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 10:37:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow /reset/mail/ only from localhost

Browse source 
Block connection from outside, that could brute force password guessing
This commit is contained in:
dpeca 2018-04-12 01:08:35 +02:00 committed by GitHub
commit b7c19a8e63
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
web/reset/mail/index.php
View file

@ -5,6 +5,23 @@ error_reporting(NULL);
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Checking IP of incoming connection, checking is it NAT address
$ok=0;
$ip=$_SERVER['REMOTE_ADDR'];
exec (VESTA_CMD."v-list-sys-ips json", $output, $return_var);
$output=implode('', $output);
$arr=json_decode($output, true);
foreach ($arr as $arr_key => $arr_val) {
// search for NAT IPs and allow them
if ($ip==$arr_key || $ip==$arr_val['NAT']) {
$ok=1;
break;
}
}
if ($ip == $_SERVER['SERVER_ADDR']) $ok=1;
if ($ip == '127.0.0.1') $ok=1;
if ($ok==0) exit;
//
// sourceforge.net/projects/postfixadmin/
// md5crypt