After a security review of our new WordPress site it was pointed out that we're vulnerable to "External Service Redirecton - DNS". Specifically, if a URL is entered into the "Your Name" field of our Contact 7 Form then the testers have found that: "It was possible to induce the application to perform server-side DNS lookups of arbitrary domain names"
The suggested remedial action is to implement a whitelist of permitted services and hosts and to block interaction not on this whitelist.
I'm something of a newbie when it comes to this, and it occured to me (perhaps wrongly!) that there may be different whitelists; one for those who cannot enter the site, and a separate for sites to which our server is allowed to speak. Or does a whitelist imply both ways?
Anyway, all help on this gratefully received and I'm imagining this is something that's been done a zillion times before!
I'm using IIS and would prefer that answer, although Apache related help just as good because I've realised I can kind of 'translate' how to do it once I've got the idea.
Incidentally, we definitely want to avoid editing the Contact 7 form's code too much becasue this may be lost when we upgrade, even though I dare say this would fix the issue. Unfortunately the latest version has the same problem, although will let the Contact 7 team know to look into this. Would ideally like to use another form for data collection of this sort although i'm a part of a team that prevents this!
And so, in the meantime it appears that a whitelist solution will likely do the trick, any ideas on how to do that anyway?
Thanks in advance