FSN#39241 Onderste 16 bit ip-wissel altijd toestaan
svn path=/Website/branches/v2016.3/; revision=32647
@@ -232,7 +232,9 @@ else
|
|||||||
if (S("sys_ip_lockmode") > 0)
|
if (S("sys_ip_lockmode") > 0)
|
||||||
{
|
{
|
||||||
var ip = String(Request.ServerVariables("REMOTE_ADDR"));
|
var ip = String(Request.ServerVariables("REMOTE_ADDR"));
|
||||||
if (Session("last_ip") && Session("last_ip") != ip)
|
// We zijn relatief flexibel: de laatste 16 bit wijzigen staan we toe
|
||||||
|
// Deze bescherming tegen session hijacking is dus maar heel beperkt
|
||||||
|
if (Session("last_ip") && Session("last_ip") != ip && !IP.inSubnet(Session("last_ip"), ip + "/16"))
|
||||||
{
|
{
|
||||||
var agent = String(Request.ServerVariables("HTTP_USER_AGENT"));
|
var agent = String(Request.ServerVariables("HTTP_USER_AGENT"));
|
||||||
__DoLog("Unexpected ip-change from {0} to {1}\n{2}".format(Session("last_ip"), ip, agent), "#0ff");
|
__DoLog("Unexpected ip-change from {0} to {1}\n{2}".format(Session("last_ip"), ip, agent), "#0ff");
|
||||||
|
|||||||
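Review bot: The new condition `!IP.inSubnet(Session("last_ip"), ip + "/16")` hard-codes a /16 for every `sys_ip_lockmode > 0`, so a request from any of the 65,536 addresses in the session owner's range now passes without a log entry, and an installation that wants exact-address locking can no longer ask for it. Consider taking the prefix length from the lock mode or a separate setting, and still logging the tolerated change so an address switch inside the range leaves a trace. `REMOTE_ADDR` can also be an IPv6 address; how `IP.inSubnet` treats `"/16"` there is not visible in this hunk, but if it accepts it the check would cover almost nothing, so limiting the relaxation to IPv4, e.g. `ip.indexOf(":") < 0 && IP.inSubnet(Session("last_ip"), ip + "/16")`, would be safer. The enclosing block starts and ends outside the hunk, so what happens after `__DoLog` could not be reviewed.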