diff options
| author | Justin Clark-Casey (justincc) | 2015-03-04 17:43:00 +0000 |
|---|---|---|
| committer | Justin Clark-Casey (justincc) | 2015-03-04 18:27:50 +0000 |
| commit | 7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda (patch) | |
| tree | e50126a4e6c23ac747bf0842774538dc731d2d85 /bin/OpenSim.ini.example | |
| parent | usability fixes for LSL API (diff) | |
| download | opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.zip opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.gz opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.bz2 opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.xz | |
Add outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() script functions.
This is to address an issue where HTTP script functions could make calls to localhost and other endpoints inside the simulator's LAN.
By default, calls to all private addresses are now blocked as per http://en.wikipedia.org/wiki/Reserved_IP_addresses
If you require exceptions to this, configure [Network] OutboundDisallowForUserScriptsExcept in OpenSim.ini
Diffstat (limited to 'bin/OpenSim.ini.example')
| -rw-r--r-- | bin/OpenSim.ini.example | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index 1b5a4af..ebc0ff6 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example | |||
| @@ -486,6 +486,32 @@ | |||
| 486 | ;; the region ports use UDP. | 486 | ;; the region ports use UDP. |
| 487 | ; http_listener_port = 9000 | 487 | ; http_listener_port = 9000 |
| 488 | 488 | ||
| 489 | ; By default, OpenSimulator does not allow scripts to make HTTP calls to addresses on the simulator's LAN. | ||
| 490 | ; See the OutboundDisallowForUserScripts parameter in OpenSimDefaults.ini for more information on this filter. | ||
| 491 | ; If you need to allow scripts to make some LAN calls use the OutboundDisallowForUserScriptsExcept parameter below. | ||
| 492 | ; We recommend that you do not override OutboundDisallowForUserScripts directly unless you are very sure about what you're doing. | ||
| 493 | ; | ||
| 494 | ; You can whitelist individual endpoints by IP or FQDN, e.g. | ||
| 495 | ; | ||
| 496 | ; OutboundDisallowForUserScriptsExcept = 192.168.1.3:8003 | ||
| 497 | ; | ||
| 498 | ; You can specify multiple addresses by separating them with a bar. For example, | ||
| 499 | ; | ||
| 500 | ; OutboundDisallowForUserScriptsExcept = 192.168.1.3:8003|myinternalserver:8000 | ||
| 501 | ; | ||
| 502 | ; If an address if given without a port number then port 80 is assumed | ||
| 503 | ; | ||
| 504 | ; You can also specify a network range in CIDR notation to whitelist, e.g. | ||
| 505 | ; | ||
| 506 | ; OutboundDisallowForUserScriptsExcept = 192.168.1.0/24 | ||
| 507 | ; | ||
| 508 | ; to whitelist all ports on addresses 192.168.1.0 to 192.168.1.255 | ||
| 509 | ; To specify an individual IP address use the /32 netmask | ||
| 510 | ; | ||
| 511 | ; OutboundDisallowForUserScriptsExcept = 192.168.1.2/32 | ||
| 512 | ; | ||
| 513 | ; See http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation for more information on CIDR notation | ||
| 514 | |||
| 489 | ;# {ExternalHostNameForLSL} {} {Hostname to use for HTTP-IN URLs. This should be reachable from the internet.} {} | 515 | ;# {ExternalHostNameForLSL} {} {Hostname to use for HTTP-IN URLs. This should be reachable from the internet.} {} |
| 490 | ;; Hostname to use in llRequestURL/llRequestSecureURL | 516 | ;; Hostname to use in llRequestURL/llRequestSecureURL |
| 491 | ;; if not defined - default machine name is being used | 517 | ;; if not defined - default machine name is being used |