diff options
| author | Andrew Moss <1043609+amoss@users.noreply.github.com> | 2019-09-18 16:45:52 +0200 |
|---|---|---|
| committer | Chris Akritidis <43294513+cakrit@users.noreply.github.com> | 2019-09-18 16:45:52 +0200 |
| commit | 187620911c06585882350ff871ef49bb6e6acd1e (patch) | |
| tree | c47356692e6e9378b2e9767131e745340cf2f9ba /web/api | |
| parent | 217cd7b939218cf00b11addd6a75df1468c32ee5 (diff) | |
Allow hostnames in Access Control Lists (#6796)
##### Summary
The Access Control List (ACL) configuration parameters can now use hostnames with simple patterns. Incoming connections are resolved using reverse DNS to obtain the hostname. Where a hostname is resolved, forward DNS resolution is performed to check the IP address is really associated with the hostname. If the checks pass then the patterns supplied are checked. Any patterns supplied for numeric ip addresses are also checked.
##### Component Name
daemon
##### Additional Information
Fixes #6438
* Reverse lookup on ip to get hostname
* Forward lookup on hostname to get IP addresses.
* Validation that the incomming ip is associated with the host.
If these checks fail the hostname is discarded so it cannot match against the access-list
patterns. If these checks validate the ip successfully then the resolved hostname is
pattern-matched as described in the previous commit.
Diffstat (limited to 'web/api')
0 files changed, 0 insertions, 0 deletions