added peer IP address validation

[bak-git.git] / bak-git-server.pl

diff --git a/bak-git-server.pl b/bak-git-server.pl
index fac76b7..b4c7eec 100755 (executable)
--- a/bak-git-server.pl
+++ b/bak-git-server.pl
@@ -180,7 +180,14 @@ sub mkbasedir {
 while (my $client = $server->accept()) {
        my $line = <$client>;
        chomp($line);
-       warn "<<< $line\n";
+
+       my $peerhost = $client->peerhost;
+       if ( $peerhost !~ m/^(10\.13\.37\.|10\.60\.0\.)/ ) {
+               print $client "$peerhost not allowed\n";
+               next;
+       }
+
+       warn "<<< $peerhost $line\n";
        my ($user,$hostname,$pwd,$command,$rel_path,$message) = split(/\s+/,$line,6);
        $hostname =~ s/\..+$//;