diff --git a/src/Umbraco.Web/Editors/KeepAliveController.cs b/src/Umbraco.Web/Editors/KeepAliveController.cs
index fa33abea44..b15621ee23 100644
--- a/src/Umbraco.Web/Editors/KeepAliveController.cs
+++ b/src/Umbraco.Web/Editors/KeepAliveController.cs
@@ -1,16 +1,13 @@
using System.Runtime.Serialization;
using System.Web.Http;
+using Umbraco.Web.Mvc;
using Umbraco.Web.WebApi;
namespace Umbraco.Web.Editors
{
- // fixme/task - deal with this
- // this is not authenticated, and therefore public, and therefore reveals we
- // are running Umbraco - but, all requests should come from localhost really,
- // so there should be a way to 404 when the request comes from the outside.
-
public class KeepAliveController : UmbracoApiController
{
+ [OnlyLocalRequests]
[HttpGet]
public KeepAlivePingResult Ping()
{
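Review bot: The `[OnlyLocalRequests]` attribute on `Ping()` now carries the whole access restriction for an unauthenticated controller, but the commit deletes the comment that explained the exposure and leaves nothing in its place. A short replacement above the attribute would keep the intent visible, for example `// Unauthenticated by design: restricted to local requests so outside callers get a 404 and cannot fingerprint the install.` Since the filter sits on the action rather than the class, any action later added to `KeepAliveController` would be public by default. Applying it at class level would make the restriction the default. The body of `Ping()` continues outside the hunk, so what it returns was not reviewed.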
diff --git a/src/Umbraco.Web/Mvc/OnlyLocalRequestsAttribute.cs b/src/Umbraco.Web/Mvc/OnlyLocalRequestsAttribute.cs
new file mode 100644
index 0000000000..ed36e6e3df
--- /dev/null
+++ b/src/Umbraco.Web/Mvc/OnlyLocalRequestsAttribute.cs
@@ -0,0 +1,20 @@
+
+using System.Net;
+using System.Net.Http;
+using System.Web.Http;
+using System.Web.Http.Controllers;
+using System.Web.Http.Filters;
+
+namespace Umbraco.Web.Mvc
+{
+ public class OnlyLocalRequestsAttribute : ActionFilterAttribute
+ {
+ public override void OnActionExecuting(HttpActionContext actionContext)
+ {
+ if (!actionContext.Request.IsLocal())
+ {
+ throw new HttpResponseException(HttpStatusCode.NotFound);
+ }
+ }
+ }
+}
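Review bot: `OnActionExecuting` trusts `actionContext.Request.IsLocal()` as the only gate, and that value reflects the immediate TCP peer as reported by the host, not the original client. If the site sits behind a reverse proxy or tunnel on the same machine, forwarded external requests would likely look local and pass, and `IsLocal()` returns false when the host never set the property, so self-hosted setups would always get a 404. The class needs an XML `<summary>` stating that limitation and that it is not a substitute for authentication. Conversely, in a load-balanced setup a keep-alive ping that lands on another node would presumably be rejected, which is worth confirming against how the ping URL is resolved. As a smaller point, this is a Web API filter placed in `Umbraco.Web.Mvc`; deriving from `AuthorizationFilterAttribute` and placing it alongside the other `Umbraco.Web.WebApi` filters would reject the request before model binding and match where the type is used.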
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 6736f7512b..f924796d5f 100755
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -172,6 +172,7 @@
+