From f41f9d25d21183491d1c6d38dbb7714cbf393664 Mon Sep 17 00:00:00 2001
From: Andre Zoledziowski <az@zok.xyz>
Date: Mon, 21 Jan 2019 15:11:30 +0100
Subject: [PATCH] Fixed possible security problem.

---
 haproxy.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/haproxy.cfg b/haproxy.cfg
index 433d772..914b990 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -42,7 +42,7 @@ backend dockerbackend
 frontend dockerfrontend
     bind :2375
     http-request deny unless METH_GET || { env(POST) -m bool }
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[^/]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }
-- 
GitLab