Browse Source

Fixed blacklist check not just checking the hostname of the referer header

master
Teknikode 3 months ago
parent
commit
8e22837158
1 changed files with 12 additions and 2 deletions
  1. 12
    2
      Teknik/Middleware/BlacklistMiddleware.cs

+ 12
- 2
Teknik/Middleware/BlacklistMiddleware.cs View File

@@ -48,12 +48,22 @@ namespace Teknik.Middleware
if (!blocked)
{
string referrer = context.Request.Headers["Referer"].ToString();
string referrerHost = referrer;
try
{
var referrerUri = new Uri(referrer);
referrerHost = referrerUri.Host;
} catch
{ }
if (!string.IsNullOrEmpty(referrer))
{
StringDictionary badReferrers = GetFileData(context, "BlockedReferrers", config.ReferrerBlacklistFile);

blocked |= (badReferrers != null && badReferrers.ContainsKey(referrer));
blockReason = $"This referrer ({referrer}) has been blacklisted. If you feel this is in error, please contact support@teknik.io for assistance.";
if (badReferrers != null)
{
blocked |= badReferrers.ContainsKey(referrer) || badReferrers.ContainsKey(referrerHost);
blockReason = $"This referrer ({referrer}) has been blacklisted. If you feel this is in error, please contact support@teknik.io for assistance.";
}
}
}
#endregion

Loading…
Cancel
Save