[Real world security] Http connections possible to local server network

[JLLeitschuh]

I haven't looked at the code to see if this has already been guarded against but I want to bring it to someone's attention in case it hasn't been.

There are certain things you may not want your server users able to poke around with. For example, most routers are running on 192.168.1.1. I really don't want people on my server able to poke around and access my router's admin console (I have a password but let's be honest here, how many people actually change the default password).

Many people running servers probably aren't using a hosting service and having http/tcp enabled currently gives players full access to the server's internal network.

It's a simple bit of code to have your users tinkering with the server hosters router.

I opened a similar issue against the computercraft mod.
dan200/ComputerCraft#170

[Pwootage]

There is a domain blacklist, and by default it blocks local IPs

(e.g. https://github.com/MightyPirates/OpenComputers/blob/master-MC1.7.10/src/main/resources/application.conf#L927-L946 )

[magik6k]

As noted above, this is not a possible by default.

[JLLeitschuh]

Good. Thanks! I just wanted to make sure.