From c99185f60f5f8683ca5e0a66c2e400ad1c80e04c Mon Sep 17 00:00:00 2001
From: Jayc <mjayachand@gmail.com>
Date: Fri, 15 Sep 2023 23:54:22 +0530
Subject: [PATCH] block ips starting with localhost octet

---
 src/util/utils.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/util/utils.js b/src/util/utils.js
index be94d98f2e..85f8e5a877 100644
--- a/src/util/utils.js
+++ b/src/util/utils.js
@@ -37,8 +37,8 @@ const staticLookup = (transformerVersionId) => async (hostname, _, cb) => {
   }
 
   for (const ip of ips) {
-    if (ip.includes(LOCALHOST_IP)) {
-      cb(null, `cannot use ${LOCALHOST_IP} as IP address`, RECORD_TYPE_A);
+    if (ip.startsWith('127.')) {
+      cb(null, `cannot use ${ip} as IP address`, RECORD_TYPE_A);
       return;
     }
   }
@@ -55,7 +55,7 @@ const blockLocalhostRequests = (url) => {
   try {
     const parseUrl = new URL(url);
     const { hostname } = parseUrl;
-    if (LOCAL_HOST_NAMES_LIST.includes(hostname)) {
+    if (LOCAL_HOST_NAMES_LIST.includes(hostname) || hostname.startsWith('127.')) {
       throw new Error('localhost requests are not allowed');
     }
     if (BLOCK_HOST_NAMES_LIST.includes(hostname)) {