by Giorgio Maone » Sat Sep 22, 2018 6:13 am
barbaz wrote: I haven't added one, but if I did I would probably try this -
Site https://repo.hyperbola.info:50000/* https://git.hyperbola.info:50100/*
Accept from ^https://(?:[^/:]+\.)?hyperbola\.info[/:]
That's perfectly fine: it's specific enough, and uses https, so it couldn't be used for rebinding unless the attacker owns a valid hyperbola.info certificate, which would be bigger trouble, opening the way for much easier attacks.
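The "Accept from" pattern quoted in the post above, checked against a handful of constructed origins. This is an added example, not part of the original post and not NoScript's own code. It assumes the pattern is applied as a JavaScript regular expression to the normalized URL of the requesting page; `acceptsOrigin`, `auditRule` and the sample list are hypothetical names and data.

```javascript
// Pattern copied verbatim from the "Accept from" line of the quoted rule.
const ACCEPT_FROM = new RegExp(
  String.raw`^https://(?:[^/:]+\.)?hyperbola\.info[/:]`
);

// Assumption: matching happens on the normalized origin URL.
function acceptsOrigin(rawUrl) {
  let normalized;
  try {
    // URL normalization lower-cases scheme and host, drops a default
    // port and guarantees a "/" after the authority.
    normalized = new URL(rawUrl).href;
  } catch {
    return false; // an unparsable origin is never accepted
  }
  return ACCEPT_FROM.test(normalized);
}

// Constructed sample origins (not taken from the thread).
const SAMPLES = [
  "https://repo.hyperbola.info:50000/",   // subdomain with port
  "https://hyperbola.info",               // bare domain, no path
  "HTTPS://GIT.HYPERBOLA.INFO:50100/",    // case differences only
  "http://repo.hyperbola.info:50000/",    // plain http: no certificate check
  "https://nothyperbola.info/",           // look-alike without the dot boundary
  "https://hyperbola.info.example.com/",  // trusted name used as a prefix
  "https://example.com/?u=https://hyperbola.info/", // trusted name in the query
];

// Returns one { origin, accepted } record per sample.
function auditRule(samples = SAMPLES) {
  return samples.map((origin) => ({ origin, accepted: acceptsOrigin(origin) }));
}

for (const { origin, accepted } of auditRule()) {
  console.log(accepted ? "ACCEPT" : "reject", origin);
}
```

Only the three https origins whose host is hyperbola.info or one of its subdomains are accepted; the http origin and the look-alike hosts are rejected.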