I'm trying to block all non-localhost attempts to access a WEBrick process. This is my current code:

    def do_GET(req, res)
      host_name = "localhost:3344".split(":")[0]
      if host_name != "localhost" && host_name != "127.0.0.1"
        puts "Security alert, accessing through #{host_name}"
        return
      else
        puts "we're fine, #{host_name}"
      end
      # etc.

Is this easy to break? My thought is that the hostname is hard to spoof to the webserver itself.
Maybe just bind the server to the localhost IP address 127.0.0.1, and then you won't have to worry about non-localhost connections:

    require 'webrick'
    s = WEBrick::HTTPServer.new( :Port => 3344, :BindAddress => "127.0.0.1" )
    s.start

(The above code is off the top of my head, but I'm sure you get the idea.)
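
Added example, not part of the question or the answer: a Ruby sketch that contrasts a Host-header check like the one in the question with a check on the TCP peer address, and confirms that a listener bound to 127.0.0.1 is not reachable through the machine's other addresses. The helper names and the sample request are constructed for illustration, and it uses the standard `socket` library rather than WEBrick so it runs without extra gems.

```ruby
require 'socket'

# Check in the style of the question: it trusts the Host header, which is
# only bytes chosen by whoever sent the request.
def host_header_local?(raw_request)
  host = raw_request[/^Host:[ \t]*([^\r\n]*)/i, 1].to_s.split(':').first
  %w[localhost 127.0.0.1].include?(host)
end

# Check on the TCP peer address that the OS reports for this connection.
def peer_loopback?(sock)
  addr = sock.remote_address
  addr.ipv4_loopback? || addr.ipv6_loopback?
end

# Constructed sample request (not captured traffic).
SAMPLE_REQUEST = "GET / HTTP/1.1\r\nHost: localhost:3344\r\n\r\n"

# Listen on 127.0.0.1 only (port 0 = any free port), send the sample over
# loopback, and report what each check sees on the server side.
def loopback_exchange
  server = TCPServer.new('127.0.0.1', 0)
  client = TCPSocket.new('127.0.0.1', server.local_address.ip_port)
  client.write(SAMPLE_REQUEST)
  conn = server.accept
  raw = conn.readpartial(4096)
  { host_check: host_header_local?(raw), peer_check: peer_loopback?(conn) }
ensure
  [client, conn, server].each { |s| s&.close }
end

# With the listener bound to 127.0.0.1, a connection aimed at another of
# this machine's IPv4 addresses is not accepted. Returns nil when the host
# has no non-loopback IPv4 address to try.
def reachable_via_other_address?
  other = Socket.ip_address_list.find { |a| a.ipv4? && !a.ipv4_loopback? }
  return nil unless other
  server = TCPServer.new('127.0.0.1', 0)
  Socket.tcp(other.ip_address, server.local_address.ip_port, connect_timeout: 2) { true }
rescue SystemCallError, IOError
  false
ensure
  server&.close
end

if __FILE__ == $PROGRAM_NAME
  p loopback_exchange
  p reachable_via_other_address?
end
```

The Host-header result depends only on the request text, while the peer check and the bind address depend on the connection itself.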