DNS rebinding protection #830
Replies: 1 comment 1 reply
-
|
I have the same question. I deploy some services in various network topologies and in some configurations (especially local dev) we will need to opt out of this protection - completly removing the option would be quite painful. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
It looks like there was a duplicate discussion creation. Let's continue it in #831. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Pre-submission Checklist
Question Category
Your Question
The v1.4.0 version has introduced DNS rebinding protection
To be able to access my local development environment via a custom domain ( dev.local.com ), I create a DNS lookup locally to point localhost to dev.local.com, but with above update this causes it to break as reaching
dev.local.comgives 403 or forbidden error.Updating the server for one of the option
DisableLocalhostProtectionto true or usingMCPGODEBUGenv variable bypasses this and resolves my issue since for this case it's not exactly a rebinding attackAs part of release notes for v1.40, the Introduced DNS rebinding protection section states that The option to remove this protection will be removed in v1.6.0. But the question what exactly will be removed ? The
DisableLocalhostProtectionparam or support forMCPGODEBUGenv variable or both ?Beta Was this translation helpful? Give feedback.
All reactions