Improve local IP detection

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
author: Côme Chilliet <come.chilliet@nextcloud.com> 2022-06-27 16:48:58 +0200
committer: Côme Chilliet (Rebase PR Action) <come-nc@users.noreply.github.com> 2022-07-12 09:49:27 +0000
commit: bd9aff47b69d62b42dd3e450ea76bb1616dbec58 (patch)
tree: 7912d964e8327501004d4e21179a98233dd0d883 /lib
parent: b2017cd5574fa2a4b4812ad5fa5c89dd9cd4dc7a (diff)
download: nextcloud-server-bd9aff47b69d62b42dd3e450ea76bb1616dbec58.tar.gz
nextcloud-server-bd9aff47b69d62b42dd3e450ea76bb1616dbec58.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php
index c69d1007a16..b233f34b19c 100644
--- a/lib/private/Http/Client/LocalAddressChecker.php
+++ b/lib/private/Http/Client/LocalAddressChecker.php
@@ -41,6 +41,12 @@ class LocalAddressChecker {
 			throw new LocalServerException('Host violates local access rules');
 		}
 
+		$localIps = ['100.100.100.200'];
+		if ((bool)filter_var($ip, FILTER_VALIDATE_IP) && in_array($ip, $localIps)) {
+			$this->logger->warning("Host $ip was not connected to because it violates local access rules");
+			throw new LocalServerException('Host violates local access rules');
+		}
+
 		// Also check for IPv6 IPv4 nesting, because that's not covered by filter_var
 		if ((bool)filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && substr_count($ip, '.') > 0) {
 			$delimiter = strrpos($ip, ':'); // Get last colon
author	Côme Chilliet <come.chilliet@nextcloud.com>	2022-06-27 16:48:58 +0200
committer	Côme Chilliet (Rebase PR Action) <come-nc@users.noreply.github.com>	2022-07-12 09:49:27 +0000
commit	bd9aff47b69d62b42dd3e450ea76bb1616dbec58 (patch)
tree	7912d964e8327501004d4e21179a98233dd0d883 /lib
parent	b2017cd5574fa2a4b4812ad5fa5c89dd9cd4dc7a (diff)
download	nextcloud-server-bd9aff47b69d62b42dd3e450ea76bb1616dbec58.tar.gz nextcloud-server-bd9aff47b69d62b42dd3e450ea76bb1616dbec58.zip