DnsServer: fixed issue in DNS-over-HTTP private IP check causing 403 with reverse proxy.

Shreyas Zare
2023-02-26 17:26:55 +05:30
parent 7c82ed7907
commit c1f287528b


@@ -768,13 +768,19 @@ namespace DnsServerCore.Dns
return;
}
if (!request.IsHttps && !NetUtilities.IsPrivateIP(remoteEP.Address))
if (!request.IsHttps)
{
//intentionally blocking public IP addresses from using DNS-over-HTTP (without TLS)
//this feature is intended to be used with an SSL terminated reverse proxy like nginx on private network
response.StatusCode = 403;
await response.WriteAsync("DNS-over-HTTPS (DoH) queries are supported only on HTTPS.");
return;
//get the actual connection remote EP
IPEndPoint connectionEp = context.GetRemoteEndPoint(true);
if (!NetUtilities.IsPrivateIP(connectionEp.Address))
{
//intentionally blocking public IP addresses from using DNS-over-HTTP (without TLS)
//this feature is intended to be used with an SSL terminated reverse proxy like nginx on private network
response.StatusCode = 403;
await response.WriteAsync("DNS-over-HTTPS (DoH) queries are supported only on HTTPS.");
return;
}
}
switch (request.Method)
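Review bot: The new `NetUtilities.IsPrivateIP(connectionEp.Address)` test in the `!request.IsHttps` branch accepts any peer on a private network as if it were the TLS-terminating reverse proxy, and nothing in the hunk narrows that to the proxy itself. `remoteEP` appears to be derived from proxy-supplied information (its assignment is outside this hunk), so if later access checks, rate limits or logs rely on it, a non-proxy host on the same private network could present an arbitrary client address over plain HTTP. Consider matching `connectionEp.Address` against a configured set of trusted proxy addresses, or at minimum record the assumption next to the check, e.g. `//trust boundary: any peer on a private network is treated as the TLS-terminating reverse proxy`. It would also help to confirm that `context.GetRemoteEndPoint(true)` cannot return null before `.Address` is dereferenced. The enclosing method starts and ends outside the hunk.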