uhttpd: add option to reject requests from RFC1918 IPs to public server IPs (DNS...

[openwrt/openwrt.git] / package / uhttpd / files / uhttpd.config

diff --git a/package/uhttpd/files/uhttpd.config b/package/uhttpd/files/uhttpd.config
index acdd62ea4eb471aba1e9f5f9397ad1715ff008bb..534e8f8b29da31f1e33df1a2975250fbccd25742 100644 (file)
--- a/package/uhttpd/files/uhttpd.config
+++ b/package/uhttpd/files/uhttpd.config
@@ -12,6 +12,11 @@ config uhttpd main
        # Server document root
        option home             /www
 
+       # Reject requests from RFC1918 IP addresses
+       # directed to the servers public IP(s).
+       # This is a DNS rebinding countermeasure.
+       option rfc1918_filter 1
+
        # Certificate and private key for HTTPS.
        # If no listen_https addresses are given,
        # the key options are ignored.