mirror of
https://github.com/yacy/yacy_search_server.git
synced 2024-09-19 00:01:41 +02:00
harmonize access restriction for urlproxy servlet
with the proxy handler, which currently requires:
- use switched on in config
- access from a local IP / hostname

Fix shutdown exception for the crashprotection handler on interrupted connections.
parent
e3d8459906
commit
cfabe8f67a
|
@ -33,7 +33,6 @@ import javax.servlet.ServletException;
|
|||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import net.yacy.cora.protocol.Domains;
|
||||
import net.yacy.cora.util.ConcurrentLog;
|
||||
|
||||
import net.yacy.search.Switchboard;
|
||||
|
||||
|
@ -81,10 +80,10 @@ abstract public class AbstractRemoteHandler extends AbstractHandler implements H
|
|||
@Override
|
||||
public void handle(String target, Request baseRequest, HttpServletRequest request,
|
||||
HttpServletResponse response) throws IOException, ServletException {
|
||||
|
||||
String host = request.getHeader("Host");
|
||||
if (host == null) return; // no proxy request, continue processing by handlers
|
||||
|
||||
|
||||
|
||||
int hostSplitPos = host.indexOf(':');
|
||||
String hostOnly = hostSplitPos < 0 ? host : host.substring(0, hostSplitPos);
|
||||
|
||||
|
@ -98,7 +97,7 @@ abstract public class AbstractRemoteHandler extends AbstractHandler implements H
|
|||
InetAddress resolvedIP = Domains.dnsResolve(hostOnly); // during testing isLocal() failed to resolve domain against publicIP
|
||||
if (sb.myPublicIP().equals(resolvedIP.getHostAddress())) {
|
||||
localVirtualHostNames.add(resolvedIP.getHostName()); // remember resolved hostname
|
||||
//localVirtualHostNames.add(resolved.getHostAddress());
|
||||
//localVirtualHostNames.add(resolved.getHostAddress()); // might change ?
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -113,12 +112,10 @@ abstract public class AbstractRemoteHandler extends AbstractHandler implements H
|
|||
}
|
||||
|
||||
String remoteHost = request.getRemoteHost();
|
||||
InetAddress remoteIP = Domains.dnsResolve(remoteHost);
|
||||
if (!remoteIP.isAnyLocalAddress() && !remoteIP.isLoopbackAddress()) {
|
||||
// access not from local IP
|
||||
// TODO: should .isLinkLocalAddress() be check ? & handle proxy account ~ ? use proxyClient config instead fix of localIP?
|
||||
if (!Domains.isThisHostIP(remoteHost)) { // isThisHostIP checks resolves & isAnyLocal & isLoopback IP
|
||||
// TODO: handle proxy account ~ ? use proxyClient config instead fix of localIP?
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN,
|
||||
"proxy use not granted for IP " + remoteIP.getHostAddress() + " (see Server Proxy Access settings).");
|
||||
"proxy use not granted for IP " + request.getRemoteAddr() + " (see Server Proxy Access settings).");
|
||||
baseRequest.setHandled(true);
|
||||
return;
|
||||
}
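Review bot: The replacement check `Domains.isThisHostIP(remoteHost)` in the last hunk decides proxy access from `request.getRemoteHost()`, which can be a reverse-DNS name rather than the socket address when the container performs host lookups, and the inline comment says `isThisHostIP` resolves its argument. A name obtained that way is set by whoever controls DNS for the client's address, so it is a weaker basis for an allow decision than the address itself. The 403 message in the same hunk already reads `request.getRemoteAddr()`; passing that to the check, `if (!Domains.isThisHostIP(request.getRemoteAddr())) {`, keeps the decision and the message on the same value. The identical call in the YaCyProxyServlet hunk (`@ -80,10 +75,18 @`) has the same property. `handle()` begins and ends outside the visible hunks.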
|
||||
|
|
|
@ -37,7 +37,12 @@ public class CrashProtectionHandler extends HandlerWrapper implements Handler, H
|
|||
}
|
||||
|
||||
private void writeResponse(HttpServletRequest request, HttpServletResponse response, Exception exc) throws IOException {
|
||||
PrintWriter out = response.getWriter();
|
||||
PrintWriter out;
|
||||
try { // prevent exception after partial response (only getWriter not allowed if getOutputStream called before; Servlet API 3.0 )
|
||||
out = response.getWriter();
|
||||
} catch (IllegalStateException e) {
|
||||
out = new PrintWriter(response.getOutputStream());
|
||||
}
|
||||
out.println("Ops!");
|
||||
out.println();
|
||||
out.println("Message: " + exc.getMessage());
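Review bot: The fallback `new PrintWriter(response.getOutputStream())` encodes with the platform default charset and does not auto-flush, so unless `writeResponse` flushes or closes `out` further down (outside this hunk) the error text written after a partial response may stay in the writer's buffer. Building it with the response's encoding and flushing at the end would make the fallback behave like the `getWriter()` path: `out = new PrintWriter(new OutputStreamWriter(response.getOutputStream(), response.getCharacterEncoding()));` plus a final `out.flush();`. Because this path appends to a body that has already been partly sent, it is also worth confirming whether `exc.getMessage()` should reach remote clients at all or go only to the log.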
|
||||
|
|
|
@ -5,7 +5,6 @@ import java.io.ByteArrayOutputStream;
|
|||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.StringWriter;
|
||||
import java.net.InetAddress;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
import java.net.URLDecoder;
|
||||
|
@ -45,10 +44,6 @@ import org.eclipse.jetty.servlets.ProxyServlet;
|
|||
* Servlet to implement proxy via url parameter "/proxy.html?url=xyz_urltoproxy"
|
||||
* this implementation uses the existing proxy functions from YaCy HTTPDProxyHandler
|
||||
*
|
||||
* InitParameters
|
||||
* ProxyHost : hostname of proxy host, default is "localhost"
|
||||
* ProxyPort : port of the proxy host, default 8090
|
||||
*
|
||||
* functionality
|
||||
* - get parameters
|
||||
* - convert headers to YaCy style headers and parameters
|
||||
|
@ -80,10 +75,18 @@ public class YaCyProxyServlet extends ProxyServlet implements Servlet {
|
|||
final HttpServletRequest request = (HttpServletRequest) req;
|
||||
final HttpServletResponse response = (HttpServletResponse) res;
|
||||
|
||||
String remoteHost = req.getRemoteHost();
|
||||
InetAddress remoteIP = Domains.dnsResolve(remoteHost);
|
||||
if (!remoteIP.isAnyLocalAddress()) throw new ServletException("access denied");
|
||||
if (!Switchboard.getSwitchboard().getConfigBool("proxyURL", false)) {
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN,"proxy use not allowed.");
|
||||
return;
|
||||
}
|
||||
|
||||
String remoteHost = req.getRemoteHost();
|
||||
if (!Domains.isThisHostIP(remoteHost)) {
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN,
|
||||
"proxy use not granted for IP " + req.getRemoteAddr());
|
||||
return;
|
||||
}
|
||||
|
||||
if ("CONNECT".equalsIgnoreCase(request.getMethod())) {
|
||||
handleConnect(request, response);
|
||||
} else {
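Review bot: The class comment loses its InitParameters section in this commit but gains no description of the two checks added before the CONNECT branch, so the servlet's access rule is recorded only in the commit message. A line in the class Javadoc such as ` * access: requires config proxyURL=true and a request from this host (Domains.isThisHostIP)` would document it where maintainers look. The local-host check is now written out separately here and in AbstractRemoteHandler; a shared helper would keep the two from drifting apart, if one fits the project's layout. The enclosing method starts and ends outside the hunk.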
|
||||
|
|