aboutsummaryrefslogtreecommitdiffstats
path: root/cmd
diff options
context:
space:
mode:
authorMartin Holst Swende <martin@swende.se>2018-02-12 20:52:07 +0800
committerPéter Szilágyi <peterke@gmail.com>2018-02-12 20:52:07 +0800
commit589b603a9b1e17930d1e83ca64ce7cdc4c3d5c85 (patch)
treec1993266024190bd6789a471f5957b9dfa6f4dbc /cmd
parent9123eceb0f78f69e88d909a56ad7fadb75570198 (diff)
downloaddexon-589b603a9b1e17930d1e83ca64ce7cdc4c3d5c85.tar
dexon-589b603a9b1e17930d1e83ca64ce7cdc4c3d5c85.tar.gz
dexon-589b603a9b1e17930d1e83ca64ce7cdc4c3d5c85.tar.bz2
dexon-589b603a9b1e17930d1e83ca64ce7cdc4c3d5c85.tar.lz
dexon-589b603a9b1e17930d1e83ca64ce7cdc4c3d5c85.tar.xz
dexon-589b603a9b1e17930d1e83ca64ce7cdc4c3d5c85.tar.zst
dexon-589b603a9b1e17930d1e83ca64ce7cdc4c3d5c85.zip
rpc: dns rebind protection (#15962)
* cmd,node,rpc: add allowedHosts to prevent dns rebinding attacks * p2p,node: Fix bug with dumpconfig introduced in r54aeb8e4c0bb9f0e7a6c67258af67df3b266af3d * rpc: add wildcard support for rpcallowedhosts + go fmt * cmd/geth, cmd/utils, node, rpc: ignore direct ip(v4/6) addresses in rpc virtual hostnames check * http, rpc, utils: make vhosts into map, address review concerns * node: change log messages to use geth standard (not sprintf) * rpc: fix spelling
Diffstat (limited to 'cmd')
-rw-r--r--cmd/geth/main.go1
-rw-r--r--cmd/geth/usage.go1
-rw-r--r--cmd/utils/flags.go7
3 files changed, 9 insertions, 0 deletions
diff --git a/cmd/geth/main.go b/cmd/geth/main.go
index cb8d63bf7..a82e5c89c 100644
--- a/cmd/geth/main.go
+++ b/cmd/geth/main.go
@@ -114,6 +114,7 @@ var (
utils.VMEnableDebugFlag,
utils.NetworkIdFlag,
utils.RPCCORSDomainFlag,
+ utils.RPCVirtualHostsFlag,
utils.EthStatsURLFlag,
utils.MetricsEnabledFlag,
utils.FakePoWFlag,
diff --git a/cmd/geth/usage.go b/cmd/geth/usage.go
index a2bcaff02..a1558c233 100644
--- a/cmd/geth/usage.go
+++ b/cmd/geth/usage.go
@@ -156,6 +156,7 @@ var AppHelpFlagGroups = []flagGroup{
utils.IPCDisabledFlag,
utils.IPCPathFlag,
utils.RPCCORSDomainFlag,
+ utils.RPCVirtualHostsFlag,
utils.JSpathFlag,
utils.ExecFlag,
utils.PreloadJSFlag,
diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go
index 2a2909ff2..5fd5013f0 100644
--- a/cmd/utils/flags.go
+++ b/cmd/utils/flags.go
@@ -397,6 +397,11 @@ var (
Usage: "Comma separated list of domains from which to accept cross origin requests (browser enforced)",
Value: "",
}
+ RPCVirtualHostsFlag = cli.StringFlag{
+ Name: "rpcvhosts",
+ Usage: "Comma separated list of virtual hostnames from which to accept requests (server enforced). Accepts '*' wildcard.",
+ Value: "localhost",
+ }
RPCApiFlag = cli.StringFlag{
Name: "rpcapi",
Usage: "API's offered over the HTTP-RPC interface",
@@ -690,6 +695,8 @@ func setHTTP(ctx *cli.Context, cfg *node.Config) {
if ctx.GlobalIsSet(RPCApiFlag.Name) {
cfg.HTTPModules = splitAndTrim(ctx.GlobalString(RPCApiFlag.Name))
}
+
+ cfg.HTTPVirtualHosts = splitAndTrim(ctx.GlobalString(RPCVirtualHostsFlag.Name))
}
// setWS creates the WebSocket RPC listener interface string from the set