Merge pull request #1361 from pi-hole/new/error404page

Improve Error 404 page behavior

advanced/index.php

@@ -1,15 +1,42 @@
 <?php
 /* Detailed Pi-Hole Block Page: Show "Website Blocked" if user browses to site, but not to image/file requests based on the work of WaLLy3K for DietPi & Pi-Hole */
 
+function validIP($address){
+	if (preg_match('/[.:0]/', $address) && !preg_match('/[1-9a-f]/', $address)) {
+		// Test if address contains either `:` or `0` but not 1-9 or a-f
+		return false;
+	}
+	return !filter_var($address, FILTER_VALIDATE_IP) === false;
+}
+
 $uri = escapeshellcmd($_SERVER['REQUEST_URI']);
 $serverName = escapeshellcmd($_SERVER['SERVER_NAME']);
 
 // Retrieve server URI extension (EG: jpg, exe, php)
+ini_set('pcre.recursion_limit',100);
 $uriExt = pathinfo($uri, PATHINFO_EXTENSION);
 
 // Define which URL extensions get rendered as "Website Blocked"
 $webExt = array('asp', 'htm', 'html', 'php', 'rss', 'xml');
 
+$AUTHORIZED_HOSTNAMES = array(
+	$ipv4,
+	$ipv6,
+	str_replace(array("[","]"), array("",""), $_SERVER["SERVER_NAME"]),
+	"pi.hole",
+	"localhost");
+// Allow user set virtual hostnames
+$virtual_host = getenv('VIRTUAL_HOST');
+if (! empty($virtual_host))
+	array_push($AUTHORIZED_HOSTNAMES, $virtual_host);
+
+// Immediately quit since we didn't block this page (the IP address or pi.hole is explicitly requested)
+if(validIP($serverName) || in_array($serverName,$AUTHORIZED_HOSTNAMES))
+{
+	http_response_code(404);
+	die();
+}
+
 if(in_array($uriExt, $webExt) || empty($uriExt))
 {
 	// Requested resource has an extension listed in $webExt