From 8085abdf38ebbf5974b49eaa07adc42c2456daa6 Mon Sep 17 00:00:00 2001
From: Eric Schultz
Date: Fri, 30 Aug 2019 14:31:23 -0500
Subject: [PATCH] improve locking down unauthorized folders
---
 auth_request.php | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/auth_request.php b/auth_request.php
index e1473cd7e..2b335362c 100644
--- a/auth_request.php
+++ b/auth_request.php
@@ -7,7 +7,26 @@ if (isset($_SESSION["unraid_login"])) {
 exit;
 }
-$arrWhitelist = ['/webGui/styles/','/webGui/images/case-model.png'];
+$arrWhitelist = [
+ '/webGui/styles/clear-sans-bold-italic.eot',
+ '/webGui/styles/clear-sans-bold-italic.woff',
+ '/webGui/styles/clear-sans-bold-italic.ttf',
+ '/webGui/styles/clear-sans-bold-italic.svg',
+ '/webGui/styles/clear-sans-bold.eot',
+ '/webGui/styles/clear-sans-bold.woff',
+ '/webGui/styles/clear-sans-bold.ttf',
+ '/webGui/styles/clear-sans-bold.svg',
+ '/webGui/styles/clear-sans-italic.eot',
+ '/webGui/styles/clear-sans-italic.woff',
+ '/webGui/styles/clear-sans-italic.ttf',
+ '/webGui/styles/clear-sans-italic.svg',
+ '/webGui/styles/clear-sans.eot',
+ '/webGui/styles/clear-sans.woff',
+ '/webGui/styles/clear-sans.ttf',
+ '/webGui/styles/clear-sans.svg',
+ '/webGui/styles/default-cases.css',
+ '/webGui/images/case-model.png'
+];
 foreach ($arrWhitelist as $strWhitelist) {
 if (strpos($_SERVER['REQUEST_URI'], $strWhitelist) === 0) {
 http_response_code(200);
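Review bot: The unchanged check below the new list, `strpos($_SERVER['REQUEST_URI'], $strWhitelist) === 0`, is still a prefix match on the raw request URI, so a URI that merely begins with one of the listed file names is still answered with 200 even though each entry now names a single file. Matching the parsed path for equality would make the list mean what it says: `$strPath = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);` followed by `if (in_array($strPath, $arrWhitelist, true)) {` in place of the loop's `strpos` test, which also keeps cache-busting query strings on the font and CSS requests working. Whether the web server normalizes the URI before this script sees it is not visible in the hunk, so the check should not depend on that. The `foreach` body continues outside the hunk, so the rest of the allow/deny path should be confirmed against the full file.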