harmonize access restriction for urlproxy servlet

with proxy handler, what is currently
- use switched on in config
- access from a local IP / hostname

fix shutdown exception for crashprotection handler on interrupted connections.

source/net/yacy/http/AbstractRemoteHandler.java

@@ -33,7 +33,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import net.yacy.cora.protocol.Domains;
-import net.yacy.cora.util.ConcurrentLog;
 
 import net.yacy.search.Switchboard;
 
@@ -81,10 +80,10 @@ abstract public class AbstractRemoteHandler extends AbstractHandler implements H
     @Override
     public void handle(String target, Request baseRequest, HttpServletRequest request,
             HttpServletResponse response) throws IOException, ServletException {
+        
         String host = request.getHeader("Host");
         if (host == null) return; // no proxy request, continue processing by handlers
-        
-           
+                   
         int hostSplitPos = host.indexOf(':');
         String hostOnly = hostSplitPos < 0 ? host : host.substring(0, hostSplitPos);
 
@@ -98,7 +97,7 @@ abstract public class AbstractRemoteHandler extends AbstractHandler implements H
         InetAddress resolvedIP = Domains.dnsResolve(hostOnly); // during testing isLocal() failed to resolve domain against publicIP  
         if (sb.myPublicIP().equals(resolvedIP.getHostAddress())) {
             localVirtualHostNames.add(resolvedIP.getHostName()); // remember resolved hostname
-            //localVirtualHostNames.add(resolved.getHostAddress()); 
+            //localVirtualHostNames.add(resolved.getHostAddress()); // might change ?
             return;  
         }
 
@@ -113,12 +112,10 @@ abstract public class AbstractRemoteHandler extends AbstractHandler implements H
         }
         
         String remoteHost = request.getRemoteHost();
-        InetAddress remoteIP = Domains.dnsResolve(remoteHost);
-        if (!remoteIP.isAnyLocalAddress() && !remoteIP.isLoopbackAddress()) {
-            // access not from local IP 
-            // TODO: should .isLinkLocalAddress() be check ? & handle proxy account  ~ ? use proxyClient config instead fix of localIP?
+        if (!Domains.isThisHostIP(remoteHost)) { // isThisHostIP checks resolves & isAnyLocal & isLoopback IP
+            // TODO: handle proxy account  ~ ? use proxyClient config instead fix of localIP?
             response.sendError(HttpServletResponse.SC_FORBIDDEN,
-                    "proxy use not granted for IP " + remoteIP.getHostAddress() + " (see Server Proxy Access settings).");
+                    "proxy use not granted for IP " + request.getRemoteAddr() + " (see Server Proxy Access settings).");
             baseRequest.setHandled(true);
             return;
         }

source/net/yacy/http/CrashProtectionHandler.java

@@ -37,7 +37,12 @@ public class CrashProtectionHandler extends HandlerWrapper implements Handler, H
 	}
 	
 	private void writeResponse(HttpServletRequest request, HttpServletResponse response, Exception exc) throws IOException {
-            PrintWriter out = response.getWriter();
+            PrintWriter out;
+            try { // prevent exception after partial response (only getWriter not allowed if getOutputStream called before; Servlet API 3.0 )
+                out = response.getWriter();
+            } catch (IllegalStateException e) {
+                out = new PrintWriter(response.getOutputStream());
+            }
             out.println("Ops!");
             out.println();
             out.println("Message: " + exc.getMessage());

source/net/yacy/http/servlets/YaCyProxyServlet.java

@@ -5,7 +5,6 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.StringWriter;
-import java.net.InetAddress;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLDecoder;
@@ -45,10 +44,6 @@ import org.eclipse.jetty.servlets.ProxyServlet;
  * Servlet to implement proxy via url parameter "/proxy.html?url=xyz_urltoproxy"
  * this implementation uses the existing proxy functions from YaCy HTTPDProxyHandler
  * 
- * InitParameters
- *    ProxyHost : hostname of proxy host, default is "localhost"
- *    ProxyPort : port of the proxy host, default 8090
- * 
  * functionality
  *  - get parameters
  *  - convert headers to YaCy style headers and parameters
@@ -80,10 +75,18 @@ public class YaCyProxyServlet extends ProxyServlet implements Servlet {
         final HttpServletRequest request = (HttpServletRequest) req;
         final HttpServletResponse response = (HttpServletResponse) res;
 
-        String remoteHost = req.getRemoteHost();
-        InetAddress remoteIP = Domains.dnsResolve(remoteHost);
-        if (!remoteIP.isAnyLocalAddress()) throw new ServletException("access denied");
+        if (!Switchboard.getSwitchboard().getConfigBool("proxyURL", false)) {
+            response.sendError(HttpServletResponse.SC_FORBIDDEN,"proxy use not allowed.");
+            return;
+        }
         
+        String remoteHost = req.getRemoteHost();
+        if (!Domains.isThisHostIP(remoteHost)) {
+            response.sendError(HttpServletResponse.SC_FORBIDDEN,
+                    "proxy use not granted for IP " + req.getRemoteAddr());
+            return;
+        }
+
         if ("CONNECT".equalsIgnoreCase(request.getMethod())) {
             handleConnect(request, response);
         } else {