Security: improved referer check

Version 1.402

Feature
Finished

DirectAdmin already does a referer check on all requests: http://www.directadmin.com/features.php?id=1050 There is a case where, if an attacker already has access to create files on your website (meaning you've already been hacked), and you're logged into DA with that same host name, they could bypass DA's referrer check, since the hosts already match. The likelihood of being affected is low, but possible if you've got many insecure scripts on your website, your website has already been hacked, and you click a hacked page while being logged into DA, so we'll label the threat as medium. Also has improved checks on the Origin header.

Interested to try DirectAdmin? Get a 30-day Free Trial!