From 00d4b32a1b0b2b6072e7b62eb52408044a2438d7 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 3 Apr 2024 10:06:43 +0200
Subject: [PATCH] [Web] deny api calls from sogo

---
 data/web/json_api.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/data/web/json_api.php b/data/web/json_api.php
index 28f8cac56..0240626a0 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -47,6 +47,14 @@ function api_log($_data) {
   }
 }
 
+// deny requests from /SOGo locations
+if (isset($_SERVER['HTTP_REFERER'])) {
+  if (strpos(strtolower($_SERVER['HTTP_REFERER']), '/sogo') !== false) {
+    header('HTTP/1.1 403 Forbidden');
+    exit;
+  }
+}
+
 if (isset($_GET['query'])) {
 
   $query = explode('/', $_GET['query']);