Merge pull request #3477 from kaitozaw/issue/3091-host-name-validation

Fixes issue/host-name-validation (#3091)
2026-01-02 19:46:52 +10:00
parent 0680a51ad0 cbd9292331
commit 6d57165f63
1 changed files with 13 additions and 0 deletions
--- a/core/main/router/router.rb
+++ b/core/main/router/router.rb
@@ -14,6 +14,19 @@ module BeEF

        configure do
          set :show_exceptions, false
+
+          # Configure Rack::Protection::HostAuthorization.
+          # Allow Rack development defaults and dynamically permit the public host
+          # defined by beef.http.public.host to prevent "Host not permitted" errors.
+          permitted = [
+            '.localhost',
+            '.test',
+            IPAddr.new('0.0.0.0/0'),
+            IPAddr.new('::/0')
+          ]
+          public_host = config.get('beef.http.public.host').to_s.strip
+          permitted << public_host unless public_host.empty?
+          set :host_authorization, { permitted_hosts: permitted }
        end

        # @note Override default 404 HTTP response