diff options
| author | Justin Clark-Casey (justincc) | 2015-03-04 17:51:11 +0000 |
|---|---|---|
| committer | Justin Clark-Casey (justincc) | 2015-03-04 18:27:51 +0000 |
| commit | 3255335c42ff348465d235a3ccf9558d0d6d414b (patch) | |
| tree | 5537a8bb51ef79f1b42a0a29e167da939630f434 /bin | |
| parent | Add outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() scri... (diff) | |
| download | opensim-SC_OLD-3255335c42ff348465d235a3ccf9558d0d6d414b.zip opensim-SC_OLD-3255335c42ff348465d235a3ccf9558d0d6d414b.tar.gz opensim-SC_OLD-3255335c42ff348465d235a3ccf9558d0d6d414b.tar.bz2 opensim-SC_OLD-3255335c42ff348465d235a3ccf9558d0d6d414b.tar.xz | |
Make private services forbid llHTTPRequest() calls by rejecting those that have the X-SecondLife-Shard header.
If you need to enable this, set AllowHttpRequestIn = true in [Network] for all private services or individual [*Service] sections.
Diffstat (limited to 'bin')
| -rw-r--r-- | bin/Robust.HG.ini.example | 7 | ||||
| -rw-r--r-- | bin/Robust.ini.example | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example index 5fa4026..872a7f8 100644 --- a/bin/Robust.HG.ini.example +++ b/bin/Robust.HG.ini.example | |||
| @@ -153,6 +153,13 @@ | |||
| 153 | ;; Hypergrid services are not affected by this; they are publicly available | 153 | ;; Hypergrid services are not affected by this; they are publicly available |
| 154 | ;; by design. | 154 | ;; by design. |
| 155 | 155 | ||
| 156 | ;; By default, scripts are not allowed to call private services via llHttpRequest() | ||
| 157 | ;; Such calls are detected by the X-SecondLife-Shared HTTP header | ||
| 158 | ;; If you allow such calls you must be sure that they are restricted to very trusted scripters | ||
| 159 | ;; (remember scripts can also be in visiting avatar attachments). | ||
| 160 | ;; This can be overriden in individual private service sections if necessary | ||
| 161 | AllowllHTTPRequestIn = false | ||
| 162 | |||
| 156 | ; * The following are for the remote console | 163 | ; * The following are for the remote console |
| 157 | ; * They have no effect for the local or basic console types | 164 | ; * They have no effect for the local or basic console types |
| 158 | ; * Leave commented to diable logins to the console | 165 | ; * Leave commented to diable logins to the console |
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example index a0b8f50..48deeae 100644 --- a/bin/Robust.ini.example +++ b/bin/Robust.ini.example | |||
| @@ -129,6 +129,13 @@ | |||
| 129 | ;; This is useful in cases where you want to protect most of the services, | 129 | ;; This is useful in cases where you want to protect most of the services, |
| 130 | ;; but unprotect individual services. Username and Password can also be | 130 | ;; but unprotect individual services. Username and Password can also be |
| 131 | ;; overriden if you want to use different credentials for the different services. | 131 | ;; overriden if you want to use different credentials for the different services. |
| 132 | |||
| 133 | ;; By default, scripts are not allowed to call private services via llHttpRequest() | ||
| 134 | ;; Such calls are detected by the X-SecondLife-Shared HTTP header | ||
| 135 | ;; If you allow such calls you must be sure that they are restricted to very trusted scripters | ||
| 136 | ;; (remember scripts can also be in visiting avatar attachments). | ||
| 137 | ;; This can be overriden in individual private service sections if necessary | ||
| 138 | AllowllHTTPRequestIn = false | ||
| 132 | 139 | ||
| 133 | ; * The following are for the remote console | 140 | ; * The following are for the remote console |
| 134 | ; * They have no effect for the local or basic console types | 141 | ; * They have no effect for the local or basic console types |