From 7869c116a7fed4b9725b6e74f0b66a8b8a63fc7b Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Thu, 20 Jan 2022 09:52:27 +0100
Subject: [PATCH] Web application security measuers, explain where to disable
 rebind if needed (https://github.com/opnsense/core/issues/5481)

---
 src/etc/inc/authgui.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc
index 141506acf..1e2f7ac62 100644
--- a/src/etc/inc/authgui.inc
+++ b/src/etc/inc/authgui.inc
@@ -155,7 +155,7 @@ function session_auth()
     // check additional security measures
     if (empty($_SESSION['Username'])) {
         if (check_security_dns_rebind()) {
-            display_error_form(sprintf(gettext("A potential %sDNS Rebind attack%s has been detected.%sTry to access the router by IP address instead of by hostname."), '<a href="http://en.wikipedia.org/wiki/DNS_rebinding">', '</a>', '<br />'));
+            display_error_form(sprintf(gettext("A potential %sDNS Rebind attack%s has been detected.%sTry to access the router by IP address instead of by hostname.You can disable this check if needed under System: Settings: Administration."), '<a href="http://en.wikipedia.org/wiki/DNS_rebinding">', '</a>', '<br />'));
             exit;
         } elseif (check_security_http_referer_enforement()) {
             display_error_form(sprintf(