From b6f2144237a9f4d2366da6ae4c170a281c2c5dd5 Mon Sep 17 00:00:00 2001
From: Michael
Date: Sat, 13 Oct 2018 04:31:37 +0000
Subject: [PATCH] Avoid beeing flooded by invalid requests
---
 index.php | 4 ++++
 mod/xrd.php | 6 +++---
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/index.php b/index.php
index 19b85b935..faa86575e 100644
--- a/index.php
+++ b/index.php
@@ -48,6 +48,10 @@ if ($a->isMaxProcessesReached() || $a->isMaxLoadReached()) {
 System::httpExit(503, ['title' => 'Error 503 - Service Temporarily Unavailable', 'description' => 'System is currently overloaded. Please try again later.']);
 }
+if (strstr($a->query_string, '.well-known/host-meta') and ($a->query_string != '.well-known/host-meta')) {
+ System::httpExit(404);
+}
+
 if (!$a->getMode()->isInstall()) {
 if (Config::get('system', 'force_ssl') && ($a->get_scheme() == "http") && (intval(Config::get('system', 'ssl_policy')) == SSL_POLICY_FULL)
diff --git a/mod/xrd.php b/mod/xrd.php
index 6a5fdbbdb..921d48fe9 100644
--- a/mod/xrd.php
+++ b/mod/xrd.php
@@ -13,7 +13,7 @@ function xrd_init(App $a)
 {
 if ($a->argv[0] == 'xrd') {
 if (empty($_GET['uri'])) {
- killme();
+ System::httpExit(404);
 }
 $uri = urldecode(notags(trim($_GET['uri'])));
@@ -24,7 +24,7 @@ function xrd_init(App $a)
 }
 } else {
 if (empty($_GET['resource'])) {
- killme();
+ System::httpExit(404);
 }
 $uri = urldecode(notags(trim($_GET['resource'])));
@@ -48,7 +48,7 @@ function xrd_init(App $a)
 $user = DBA::selectFirst('user', [], ['nickname' => $name]);
 if (!DBA::isResult($user)) {
- killme();
+ System::httpExit(404);
 }
 $profile_url = System::baseUrl().'/profile/'.$user['nickname'];
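Review bot: The `strstr()` test in the added `if` in index.php matches `.well-known/host-meta` anywhere in `$a->query_string`, so a legitimate request that only carries that text in a parameter value would also get a 404; how `query_string` is built is not visible in this hunk, so confirm that. If the unwanted requests all begin with that path, anchor the test: `if (strpos($a->query_string, '.well-known/host-meta') === 0 && $a->query_string !== '.well-known/host-meta') {`. A one-line comment above the block naming the request pattern being rejected would also help, for example `// Reject host-meta requests with trailing junk before any module is loaded`. The check runs only after `$a` has been built and the load test has run, so each rejected request still pays the bootstrap cost; a web-server rule for the same pattern would be cheaper.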
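Review bot: In mod/xrd.php, a request with an empty `uri` (hunk at line 13) or an empty `resource` (hunk at line 24) is a malformed request rather than a missing page, so `System::httpExit(400);` fits those two branches better than 404. RFC 7033 asks for 400 Bad Request when `resource` is absent or malformed. 404 is the right answer for the unknown-nickname branch in the hunk at line 48. Distinct codes also let log review separate broken clients from lookups of non-existent users. `xrd_init` starts and ends outside these hunks.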