Server: Add host whitelisting (#4476)
* Add host whitelisting middleware * Add prompt to enable hostWhitelist * perf: Freeze config array * Update src/middleware/hostWhitelist.js Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * perf: Add max known hosts limit * Add validation warning disable hint * Add conditional host whitelist middleware based on SSL configuration * Check for cache exhaustion before logging * Revert "Add conditional host whitelist middleware based on SSL configuration" This reverts commit 968104c6f4f2e4b72e1fd8ceff0a4b0ded216d69. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Cohee
@@ -94,6 +94,18 @@ autheliaAuth: false
|
||||
# the username and passwords for basic auth are the same as those
|
||||
# for the individual accounts
|
||||
perUserBasicAuth: false
|
||||
# Host whitelist configuration. Recommended if you're using a listen mode
|
||||
hostWhitelist:
|
||||
# Enable or disable host whitelisting
|
||||
enabled: false
|
||||
# Scan incoming requests for potential host header spoofing
|
||||
scan: true
|
||||
# List of allowed hosts. Do not include localhost or IPs, these are safe.
|
||||
# Use a dot to create subdomain patterns.
|
||||
# Examples:
|
||||
# - example.com
|
||||
# - .trycloudflare.com
|
||||
hosts: []
|
||||
|
||||
# User session timeout *in seconds* (defaults to 24 hours).
|
||||
## Set to a positive number to expire session after a certain time of inactivity
|
||||
|
||||
Reference in New Issue
Block a user