implemented the sybil attack script

2020-08-23 11:54:14 -05:00 · 2020-08-23 11:54:14 -05:00 · 8d54519771
commit 8d54519771
parent 9f1f1435ce
2 changed files with 23 additions and 7 deletions
--- a/src/httpapi/security/public.py
+++ b/src/httpapi/security/public.py
@ -40,7 +40,9 @@ class PublicAPISecurity:

            if request.host not in transports:
                # Abort conn if wrong HTTP hostname, to prevent DNS rebinding
-                abort(403)
+                if not public_api.config.get(
+                        'general.allow_public_api_dns_rebinding', False):
+                    abort(403)
            public_api.hitCount += 1  # raise hit count for valid requests
            try:
                if 'onionr' in request.headers['User-Agent'].lower():