more protection against remote shutdown attacks: prevent loading using the crawler

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@4829 6c8d7289-2bf4-0310-a012-ef5d649a1542
orbiter 2008-05-19 23:05:19 +00:00
parent c1d721dd2d
commit d9d1c8de70
2 changed files with 25 additions and 8 deletions


@ -42,8 +42,10 @@ import java.util.Random;
import de.anomic.crawler.ResultImages;
import de.anomic.http.httpHeader;
import de.anomic.plasma.plasmaSwitchboard;
import de.anomic.server.serverCore;
import de.anomic.server.serverObjects;
import de.anomic.server.serverSwitch;
import de.anomic.yacy.yacyURL;
public class Collage {
private static int fifoMax = 20;
@ -98,20 +100,30 @@ public class Collage {
if (fifoSize > 0) {
prop.put("imgurl", "1");
for (int i = 0; i < fifoSize; i++)
prop.put("imgurl_list_" + i + "_url",
"<a href=\"" + origins[i].baseURL.toNormalform(true, false) + "\">"
+ "<img src=\"" + origins[i].imageEntry.url().toNormalform(true, false) + "\" "
int c = 0;
for (int i = 0; i < fifoSize; i++) {
yacyURL baseURL = origins[i].baseURL;
yacyURL imageURL = origins[i].imageEntry.url();
// check if this loads a page from localhost, which must be prevented to protect the server
// against attacks to the administration interface when localhost access is granted
if ((serverCore.isLocalhost(baseURL.getHost()) || serverCore.isLocalhost(imageURL.getHost())) &&
sb.getConfigBool("adminAccountForLocalhost", false)) continue;
prop.put("imgurl_list_" + c + "_url",
"<a href=\"" + baseURL.toNormalform(true, false) + "\">"
+ "<img src=\"" + imageURL.toNormalform(true, false) + "\" "
+ "style=\""
+ ((imgWidth[i] == 0 || imgHeight[i] == 0) ? "" : "width:" + imgWidth[i] + "px;height:" + imgHeight[i] + "px;")
+ "position:absolute;top:" + imgPosY[i]
+ "px;left:" + imgPosX[i]
+ "px;z-index:" + imgZIndex[i] + "\""
+ "title=\"" + origins[i].baseURL.toNormalform(true, false) + "\">"
+ "title=\"" + baseURL.toNormalform(true, false) + "\">"
+ "</a><br>");
prop.put("imgurl_list", fifoSize);
c++;
}
prop.put("imgurl_list", c);
} else {
prop.put("imgurl", "0");
}
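Review bot: The rewritten loop body still concatenates `baseURL.toNormalform(true, false)` and `imageURL.toNormalform(true, false)` into the `href`, `src` and `title` attributes without HTML escaping, and these values appear to come from crawled pages (`de.anomic.crawler.ResultImages`). Unless `toNormalform` is guaranteed to encode `"`, `<` and `>` (not visible here), each value should pass through an HTML attribute encoder before `prop.put`. The closing quote of the `style` attribute is also followed directly by `title=`, so the separator is missing; `+ "px;z-index:" + imgZIndex[i] + "\" "` restores it. The new filter depends entirely on how `serverCore.isLocalhost` classifies a host string, so the comment above it should state whether names are resolved or only compared literally, and whether a null host is tolerated.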


@ -34,6 +34,7 @@ import java.util.concurrent.ConcurrentHashMap;
import de.anomic.plasma.plasmaHTCache;
import de.anomic.plasma.plasmaSwitchboard;
import de.anomic.server.serverCore;
import de.anomic.server.logging.serverLog;
public final class ProtocolLoader {
@ -72,6 +73,10 @@ public final class ProtocolLoader {
String protocol = entry.url().getProtocol();
String host = entry.url().getHost();
// check if this loads a page from localhost, which must be prevented to protect the server
// against attacks to the administration interface when localhost access is granted
if (serverCore.isLocalhost(host) && sb.getConfigBool("adminAccountForLocalhost", false)) return null;
// check access time
if (!entry.url().isLocal()) {
Long lastAccess = accessTime.get(host);
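Review bot: The new guard returns `null` without any log entry, so a rejected localhost URL is indistinguishable from an ordinary failed load. `serverLog` is already imported in this file, so the guard could record the refused URL, e.g. `if (serverCore.isLocalhost(host) && sb.getConfigBool("adminAccountForLocalhost", false)) { /* log refused URL */ return null; }`. The check inspects only the host string of the requested URL. Whether it also covers a name that resolves to a loopback address, or a redirect followed later by the protocol handler, depends on `serverCore.isLocalhost` and on the loaders, neither visible here, so that should be confirmed and stated in the comment. `host` also reaches `isLocalhost` before any null check. The enclosing method starts and ends outside the hunk.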