From 14544d8d84a02b5952b0276065aadb77f9166dfa Mon Sep 17 00:00:00 2001
From: Krishna Srinivas <634494+krishnasrinivas@users.noreply.github.com>
Date: Tue, 12 Feb 2019 13:24:14 -0800
Subject: [PATCH] Validate incoming requests (#7234)
---
 cmd/storage-rest-common.go | 2 +-
 cmd/storage-rest-server.go | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/cmd/storage-rest-common.go b/cmd/storage-rest-common.go
index acdd9db59..737fd48c8 100644
--- a/cmd/storage-rest-common.go
+++ b/cmd/storage-rest-common.go
@@ -16,7 +16,7 @@
 package cmd
-const storageRESTVersion = "v3"
+const storageRESTVersion = "v4"
 const storageRESTPath = minioReservedBucketPath + "/storage/" + storageRESTVersion + "/"
 const (
diff --git a/cmd/storage-rest-server.go b/cmd/storage-rest-server.go
index fb6acc17c..4bb8a67af 100644
--- a/cmd/storage-rest-server.go
+++ b/cmd/storage-rest-server.go
@@ -43,8 +43,18 @@ func (s *storageRESTServer) writeErrorResponse(w http.ResponseWriter, err error)
 w.Write([]byte(err.Error()))
 }
+// Authenticates storage client's requests.
+func storageServerRequestAuthenticate(r *http.Request) error {
+ _, _, err := webRequestAuthenticate(r)
+ return err
+}
+
 // IsValid - To authenticate and verify the time difference.
 func (s *storageRESTServer) IsValid(w http.ResponseWriter, r *http.Request) bool {
+ if err := storageServerRequestAuthenticate(r); err != nil {
+ w.WriteHeader(http.StatusForbidden)
+ return false
+ }
 requestTimeStr := r.Header.Get("X-Minio-Time")
 requestTime, err := time.Parse(time.RFC3339, requestTimeStr)
 if err != nil {
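Review bot: `storageServerRequestAuthenticate` throws away the first two results of `webRequestAuthenticate` (`_, _, err := ...`), so the new guard in `IsValid` proves only that the request carries a credential the web handlers would accept, not that the caller is allowed to reach the storage REST API. If one of those results is an owner/admin flag or the token claims (their meaning is not visible in this hunk), keep it and reject anything that is not the privileged identity, e.g. `_, owner, err := webRequestAuthenticate(r)` followed by `if err == nil && !owner { err = <package auth error> }`. The 403 branch also drops `err` silently; a server-side log line with the remote address on that path would make rejected calls to this endpoint visible to operators. `IsValid` continues past the end of the hunk, so how the later `X-Minio-Time` check interacts with the token cannot be judged from here.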