diff options
| author | Justin Clark-Casey (justincc) | 2015-03-04 17:43:00 +0000 |
|---|---|---|
| committer | Justin Clark-Casey (justincc) | 2015-03-04 18:27:50 +0000 |
| commit | 7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda (patch) | |
| tree | e50126a4e6c23ac747bf0842774538dc731d2d85 /bin/OpenSimDefaults.ini | |
| parent | usability fixes for LSL API (diff) | |
| download | opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.zip opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.gz opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.bz2 opensim-SC_OLD-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.xz | |
Add outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() script functions.
This is to address an issue where HTTP script functions could make calls to localhost and other endpoints inside the simulator's LAN.
By default, calls to all private addresses are now blocked as per http://en.wikipedia.org/wiki/Reserved_IP_addresses
If you require exceptions to this, configure [Network] OutboundDisallowForUserScriptsExcept in OpenSim.ini
Diffstat (limited to 'bin/OpenSimDefaults.ini')
| -rw-r--r-- | bin/OpenSimDefaults.ini | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini index 4faf7f3..af37ccc 100644 --- a/bin/OpenSimDefaults.ini +++ b/bin/OpenSimDefaults.ini | |||
| @@ -492,6 +492,26 @@ | |||
| 492 | ; (on Windows this mean NETBIOS name - useably only inside local network) | 492 | ; (on Windows this mean NETBIOS name - useably only inside local network) |
| 493 | ; ExternalHostNameForLSL=127.0.0.1 | 493 | ; ExternalHostNameForLSL=127.0.0.1 |
| 494 | 494 | ||
| 495 | ; Disallow the following address ranges for user scripting calls (e.g. llHttpRequest()) | ||
| 496 | ; This is based on http://en.wikipedia.org/wiki/Reserved_IP_addresses | ||
| 497 | ; This stops users making HTTP calls to machines in the simulator's local network. | ||
| 498 | ; If you need to allow some LAN calls we recommend you use OutboundDisallowForUserScriptsExcept documented in OpenSim.ini.example | ||
| 499 | ; If you override OutboundDisallowForUserScripts directly you need to be very careful. | ||
| 500 | ; | ||
| 501 | ; Network ranges are specified in CIDR notation (http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation) with multiple entries separated by | | ||
| 502 | ; To specify an individual IP address use the /32 netmask (e.g. 192.168.1.3/32) | ||
| 503 | ; You can also specify individual <addr>:<port> endpoints (e.g. 192.168.1.3:8003) | ||
| 504 | ; If an address if given without a port number then port 80 is assumed. | ||
| 505 | OutboundDisallowForUserScripts = 0.0.0.0/8|10.0.0.0/8|100.64.0.0/10|127.0.0.0/8|169.254.0.0/16|172.16.0.0/12|192.0.0.0/24|192.0.2.0/24|192.88.99.0/24|192.168.0.0/16|198.18.0.0/15|198.51.100.0/24|203.0.113.0/24|224.0.0.0/4|240.0.0.0/4|255.255.255.255/32 | ||
| 506 | ; | ||
| 507 | ; You can also prevent all user script outgoing calls with the following override in OpenSim.ini | ||
| 508 | ; | ||
| 509 | ; OutboundDisallowForUserScripts = 0.0.0.0/0 | ||
| 510 | ; | ||
| 511 | ; You can also disable the blacklist entirely with an empty entry | ||
| 512 | ; | ||
| 513 | ; OutboundDisallowForUserScripts = "" | ||
| 514 | |||
| 495 | ; What is reported as the "X-Secondlife-Shard" | 515 | ; What is reported as the "X-Secondlife-Shard" |
| 496 | ; Defaults to the user server url if not set | 516 | ; Defaults to the user server url if not set |
| 497 | ; The old default is "OpenSim", set here for compatibility | 517 | ; The old default is "OpenSim", set here for compatibility |