Add wpad vulnerability fix as suggested by dnsmasq.conf.example

Signed-off-by: DL6ER <dl6er@dl6er.de>
2025-01-03 12:40:56 +00:00 · 2019-01-01 17:13:43 +01:00 · 2019-01-01 17:13:43 +01:00 · 04fd296ffe
commit 04fd296ffe
parent 8d85d46c1a
1 changed files with 5 additions and 0 deletions
--- a/advanced/01-pihole.conf
+++ b/advanced/01-pihole.conf
@ -46,3 +46,8 @@ log-facility=/var/log/pihole.log
 local-ttl=2

 log-async
+
+# If a DHCP client claims that its name is "wpad", ignore that.
+# This fixes a security hole. see CERT Vulnerability VU#598349
+dhcp-name-match=set:wpad-ignore,wpad
+dhcp-ignore-names=tag:wpad-ignore