From bd9aff47b69d62b42dd3e450ea76bb1616dbec58 Mon Sep 17 00:00:00 2001
From: Côme Chilliet <come.chilliet@nextcloud.com>
Date: Mon, 27 Jun 2022 16:48:58 +0200
Subject: Improve local IP detection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 lib/private/Http/Client/LocalAddressChecker.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'lib/private/Http')

diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php
index c69d1007a16..b233f34b19c 100644
--- a/lib/private/Http/Client/LocalAddressChecker.php
+++ b/lib/private/Http/Client/LocalAddressChecker.php
@@ -41,6 +41,12 @@ class LocalAddressChecker {
 			throw new LocalServerException('Host violates local access rules');
 		}
 
+		$localIps = ['100.100.100.200'];
+		if ((bool)filter_var($ip, FILTER_VALIDATE_IP) && in_array($ip, $localIps)) {
+			$this->logger->warning("Host $ip was not connected to because it violates local access rules");
+			throw new LocalServerException('Host violates local access rules');
+		}
+
 		// Also check for IPv6 IPv4 nesting, because that's not covered by filter_var
 		if ((bool)filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && substr_count($ip, '.') > 0) {
 			$delimiter = strrpos($ip, ':'); // Get last colon
-- 
cgit v1.2.3