Differential D12169

Mostly defuse DNS rebinding attack for outbound requests
ClosedPublic
Actions

Authored by epriestley on Mar 26 2015, 2:05 PM.

Details

Reviewers

btrahan

Maniphest Tasks

T6755: Allow more granular configuration of `security.allow-outbound-http`

Commits

Restricted Diffusion Commit
rP40fb0f98df6c: Mostly defuse DNS rebinding attack for outbound requests

Summary

Ref T6755. I'll add some notes there about specifics.

Test Plan

Made connections to HTTP and HTTPS URIs.
Added some debugging code to verify that HTTP URIs were pre-resolved.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 29243.Mar 26 2015, 2:05 PM

epriestley retitled this revision from to Mostly defuse DNS rebinding attack for outbound requests.

epriestley updated this object.

epriestley edited the test plan for this revision. (Show Details)

epriestley added a reviewer: btrahan.

epriestley added a task: T6755: Allow more granular configuration of `security.allow-outbound-http`.

Herald added a subscriber: epriestley. · View Herald TranscriptMar 26 2015, 2:05 PM

epriestley mentioned this in T6755: Allow more granular configuration of `security.allow-outbound-http`.Mar 26 2015, 2:14 PM

btrahan accepted this revision.Mar 26 2015, 6:11 PM

btrahan edited edge metadata.

This revision is now accepted and ready to land.Mar 26 2015, 6:11 PM

Closed by commit rP40fb0f98df6c: Mostly defuse DNS rebinding attack for outbound requests (authored by epriestley, committed by epriestley). · Explain WhyMar 26 2015, 6:12 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

files/

storage/

PhabricatorFile.php

30 lines

infrastructure/

env/

PhabricatorEnv.php

7 lines

Diff 29252

View Options

src/applications/files/storage/PhabricatorFile.php