Bladeren bron

Fixed blacklist check not just checking the hostname of the referer header

master
Teknikode 7 maanden geleden
bovenliggende
commit
8e22837158
1 gewijzigde bestanden met toevoegingen van 12 en 2 verwijderingen
  1. 12
    2
      Teknik/Middleware/BlacklistMiddleware.cs

+ 12
- 2
Teknik/Middleware/BlacklistMiddleware.cs Bestand weergeven

@@ -48,12 +48,22 @@ namespace Teknik.Middleware
if (!blocked)
{
string referrer = context.Request.Headers["Referer"].ToString();
string referrerHost = referrer;
try
{
var referrerUri = new Uri(referrer);
referrerHost = referrerUri.Host;
} catch
{ }
if (!string.IsNullOrEmpty(referrer))
{
StringDictionary badReferrers = GetFileData(context, "BlockedReferrers", config.ReferrerBlacklistFile);

blocked |= (badReferrers != null && badReferrers.ContainsKey(referrer));
blockReason = $"This referrer ({referrer}) has been blacklisted. If you feel this is in error, please contact support@teknik.io for assistance.";
if (badReferrers != null)
{
blocked |= badReferrers.ContainsKey(referrer) || badReferrers.ContainsKey(referrerHost);
blockReason = $"This referrer ({referrer}) has been blacklisted. If you feel this is in error, please contact support@teknik.io for assistance.";
}
}
}
#endregion

Laden…
Annuleren
Opslaan