aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/bin
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--bin/LukeSkywalker.IPNetwork.dllbin0 -> 18432 bytes
-rw-r--r--bin/OpenSim.ini.example26
-rw-r--r--bin/OpenSimDefaults.ini20
-rw-r--r--bin/Robust.HG.ini.example7
-rw-r--r--bin/Robust.ini.example7
5 files changed, 60 insertions, 0 deletions
diff --git a/bin/LukeSkywalker.IPNetwork.dll b/bin/LukeSkywalker.IPNetwork.dll
new file mode 100644
index 0000000..25bcc2f
--- /dev/null
+++ b/bin/LukeSkywalker.IPNetwork.dll
Binary files differ
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index 1b5a4af..ebc0ff6 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -486,6 +486,32 @@
486 ;; the region ports use UDP. 486 ;; the region ports use UDP.
487 ; http_listener_port = 9000 487 ; http_listener_port = 9000
488 488
489 ; By default, OpenSimulator does not allow scripts to make HTTP calls to addresses on the simulator's LAN.
490 ; See the OutboundDisallowForUserScripts parameter in OpenSimDefaults.ini for more information on this filter.
491 ; If you need to allow scripts to make some LAN calls use the OutboundDisallowForUserScriptsExcept parameter below.
492 ; We recommend that you do not override OutboundDisallowForUserScripts directly unless you are very sure about what you're doing.
493 ;
494 ; You can whitelist individual endpoints by IP or FQDN, e.g.
495 ;
496 ; OutboundDisallowForUserScriptsExcept = 192.168.1.3:8003
497 ;
498 ; You can specify multiple addresses by separating them with a bar. For example,
499 ;
500 ; OutboundDisallowForUserScriptsExcept = 192.168.1.3:8003|myinternalserver:8000
501 ;
502 ; If an address if given without a port number then port 80 is assumed
503 ;
504 ; You can also specify a network range in CIDR notation to whitelist, e.g.
505 ;
506 ; OutboundDisallowForUserScriptsExcept = 192.168.1.0/24
507 ;
508 ; to whitelist all ports on addresses 192.168.1.0 to 192.168.1.255
509 ; To specify an individual IP address use the /32 netmask
510 ;
511 ; OutboundDisallowForUserScriptsExcept = 192.168.1.2/32
512 ;
513 ; See http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation for more information on CIDR notation
514
489 ;# {ExternalHostNameForLSL} {} {Hostname to use for HTTP-IN URLs. This should be reachable from the internet.} {} 515 ;# {ExternalHostNameForLSL} {} {Hostname to use for HTTP-IN URLs. This should be reachable from the internet.} {}
490 ;; Hostname to use in llRequestURL/llRequestSecureURL 516 ;; Hostname to use in llRequestURL/llRequestSecureURL
491 ;; if not defined - default machine name is being used 517 ;; if not defined - default machine name is being used
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini
index 4faf7f3..af37ccc 100644
--- a/bin/OpenSimDefaults.ini
+++ b/bin/OpenSimDefaults.ini
@@ -492,6 +492,26 @@
492 ; (on Windows this mean NETBIOS name - useably only inside local network) 492 ; (on Windows this mean NETBIOS name - useably only inside local network)
493 ; ExternalHostNameForLSL=127.0.0.1 493 ; ExternalHostNameForLSL=127.0.0.1
494 494
495 ; Disallow the following address ranges for user scripting calls (e.g. llHttpRequest())
496 ; This is based on http://en.wikipedia.org/wiki/Reserved_IP_addresses
497 ; This stops users making HTTP calls to machines in the simulator's local network.
498 ; If you need to allow some LAN calls we recommend you use OutboundDisallowForUserScriptsExcept documented in OpenSim.ini.example
499 ; If you override OutboundDisallowForUserScripts directly you need to be very careful.
500 ;
501 ; Network ranges are specified in CIDR notation (http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation) with multiple entries separated by |
502 ; To specify an individual IP address use the /32 netmask (e.g. 192.168.1.3/32)
503 ; You can also specify individual <addr>:<port> endpoints (e.g. 192.168.1.3:8003)
504 ; If an address if given without a port number then port 80 is assumed.
505 OutboundDisallowForUserScripts = 0.0.0.0/8|10.0.0.0/8|100.64.0.0/10|127.0.0.0/8|169.254.0.0/16|172.16.0.0/12|192.0.0.0/24|192.0.2.0/24|192.88.99.0/24|192.168.0.0/16|198.18.0.0/15|198.51.100.0/24|203.0.113.0/24|224.0.0.0/4|240.0.0.0/4|255.255.255.255/32
506 ;
507 ; You can also prevent all user script outgoing calls with the following override in OpenSim.ini
508 ;
509 ; OutboundDisallowForUserScripts = 0.0.0.0/0
510 ;
511 ; You can also disable the blacklist entirely with an empty entry
512 ;
513 ; OutboundDisallowForUserScripts = ""
514
495 ; What is reported as the "X-Secondlife-Shard" 515 ; What is reported as the "X-Secondlife-Shard"
496 ; Defaults to the user server url if not set 516 ; Defaults to the user server url if not set
497 ; The old default is "OpenSim", set here for compatibility 517 ; The old default is "OpenSim", set here for compatibility
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example
index 5fa4026..872a7f8 100644
--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -153,6 +153,13 @@
153 ;; Hypergrid services are not affected by this; they are publicly available 153 ;; Hypergrid services are not affected by this; they are publicly available
154 ;; by design. 154 ;; by design.
155 155
156 ;; By default, scripts are not allowed to call private services via llHttpRequest()
157 ;; Such calls are detected by the X-SecondLife-Shared HTTP header
158 ;; If you allow such calls you must be sure that they are restricted to very trusted scripters
159 ;; (remember scripts can also be in visiting avatar attachments).
160 ;; This can be overriden in individual private service sections if necessary
161 AllowllHTTPRequestIn = false
162
156 ; * The following are for the remote console 163 ; * The following are for the remote console
157 ; * They have no effect for the local or basic console types 164 ; * They have no effect for the local or basic console types
158 ; * Leave commented to diable logins to the console 165 ; * Leave commented to diable logins to the console
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example
index a0b8f50..48deeae 100644
--- a/bin/Robust.ini.example
+++ b/bin/Robust.ini.example
@@ -129,6 +129,13 @@
129 ;; This is useful in cases where you want to protect most of the services, 129 ;; This is useful in cases where you want to protect most of the services,
130 ;; but unprotect individual services. Username and Password can also be 130 ;; but unprotect individual services. Username and Password can also be
131 ;; overriden if you want to use different credentials for the different services. 131 ;; overriden if you want to use different credentials for the different services.
132
133 ;; By default, scripts are not allowed to call private services via llHttpRequest()
134 ;; Such calls are detected by the X-SecondLife-Shared HTTP header
135 ;; If you allow such calls you must be sure that they are restricted to very trusted scripters
136 ;; (remember scripts can also be in visiting avatar attachments).
137 ;; This can be overriden in individual private service sections if necessary
138 AllowllHTTPRequestIn = false
132 139
133 ; * The following are for the remote console 140 ; * The following are for the remote console
134 ; * They have no effect for the local or basic console types 141 ; * They have no effect for the local or basic console types