added flag for YaCyHop - proxy access for all paths that start with /yacy/

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3304 6c8d7289-2bf4-0310-a012-ef5d649a1542

htroot/SearchStatistics_p.java

@@ -114,7 +114,7 @@ public class SearchStatistics_p {
                 prop.put("page_list_" + entCount + "_host", host);
                 if (page == 4) {
                     yacySeed remotepeer = yacyCore.seedDB.lookupByIP(natLib.getInetAddress(host), true, true, true);
-                    prop.put("page_list_" + entCount + "_peername", remotepeer.getName());
+                    prop.put("page_list_" + entCount + "_peername", (remotepeer == null) ? "UNKNOWN" : remotepeer.getName());
                 }
                 prop.put("page_list_" + entCount + "_count", new Integer(handles.size()).toString());
                 prop.put("page_list_" + entCount + "_dates", handlestring);

source/de/anomic/http/httpd.java

@@ -119,6 +119,7 @@ public final class httpd implements serverHandler {
     private InetAddress userAddress;     // the address of the client
     private boolean allowProxy;
     private boolean allowServer;
+    private boolean allowYaCyHop;
     
     // for authentication
     private boolean use_proxyAccounts = false;
@@ -166,6 +167,7 @@ public final class httpd implements serverHandler {
         this.userAddress = null;
         this.allowProxy = false;
         this.allowServer = false;
+        this.allowYaCyHop = false;
         this.proxyAccounts_init = false;
         this.serverAccountBase64MD5 = null;
         this.clientIP = null;
@@ -192,9 +194,10 @@ public final class httpd implements serverHandler {
         
         this.allowProxy = (proxyClient.equals("*")) ? true : match(this.clientIP, proxyClient);
         this.allowServer = (serverClient.equals("*")) ? true : match(this.clientIP, serverClient);
+        this.allowYaCyHop = switchboard.getConfigBool("YaCyHop", false);
         
         // check if we want to allow this socket to connect us
-        if (!(this.allowProxy || this.allowServer)) {
+        if (!(this.allowProxy || this.allowServer || this.allowYaCyHop)) {
             String errorMsg = "CONNECTION FROM " + this.clientIP + " FORBIDDEN";
             this.log.logWarning(errorMsg);
             throw new IOException(errorMsg);
@@ -449,11 +452,9 @@ public final class httpd implements serverHandler {
                 }
             } else {
                 // pass to proxy
-                if (this.allowProxy) {
-                    if (this.handleProxyAuthentication(header)) {
-                        if (proxyHandler != null) proxyHandler = new httpdProxyHandler(switchboard); 
-                        proxyHandler.doGet(this.prop, header, this.session.out);
-                    }
+                if (((this.allowYaCyHop) && (this.prop.getProperty(httpHeader.CONNECTION_PROP_PATH, "").startsWith("/yacy/"))) ||
+                    ((this.allowProxy) && (this.handleProxyAuthentication(header)))) {
+                    proxyHandler.doGet(this.prop, header, this.session.out);
                 } else {
                     // not authorized through firewall blocking (ip does not match filter)
                     this.session.out.write((httpVersion + " 403 refused (IP not granted)" + serverCore.crlfString + serverCore.crlfString + "you are not allowed to connect to this proxy, because you are using the non-granted IP " + clientIP + ". allowed are only connections that match with the following filter: " + switchboard.getConfig("proxyClient", "*") + serverCore.crlfString).getBytes());
@@ -524,11 +525,9 @@ public final class httpd implements serverHandler {
                 }
             } else {
                 // pass to proxy
-                if (allowProxy) {
-                    if (handleProxyAuthentication(header)) {
-                        if (proxyHandler != null) proxyHandler = new httpdProxyHandler(switchboard); 
-                        proxyHandler.doHead(prop, header, this.session.out);
-                    }
+                if (((this.allowYaCyHop) && (this.prop.getProperty(httpHeader.CONNECTION_PROP_PATH, "").startsWith("/yacy/"))) ||
+                    ((this.allowProxy) && (this.handleProxyAuthentication(header)))) {
+                    proxyHandler.doHead(prop, header, this.session.out);
                 } else {
                     // not authorized through firewall blocking (ip does not match filter)
                     session.out.write((httpVersion + " 403 refused (IP not granted)" +
@@ -608,11 +607,9 @@ public final class httpd implements serverHandler {
                 }
             } else {
                 // pass to proxy
-                if (allowProxy) {
-                    if (handleProxyAuthentication(header)) {
-                        if (proxyHandler != null) proxyHandler = new httpdProxyHandler(switchboard); 
-                        proxyHandler.doPost(prop, header, this.session.out, this.session.in);
-                    }
+                if (((this.allowYaCyHop) && (this.prop.getProperty(httpHeader.CONNECTION_PROP_PATH, "").startsWith("/yacy/"))) ||
+                    ((this.allowProxy) && (this.handleProxyAuthentication(header)))) {
+                    proxyHandler.doPost(prop, header, this.session.out, this.session.in);
                 } else {
                     // not authorized through firewall blocking (ip does not match filter)
                     session.out.write((httpVersion + " 403 refused (IP not granted)" + serverCore.crlfString + serverCore.crlfString + "you are not allowed to connect to this proxy, because you are using the non-granted IP " + clientIP + ". allowed are only connections that match with the following filter: " + switchboard.getConfig("proxyClient", "*") + serverCore.crlfString).getBytes());
@@ -677,11 +674,9 @@ public final class httpd implements serverHandler {
         }
         
         // pass to proxy
-        if (allowProxy) {
-            if (handleProxyAuthentication(header)) {
-                if (proxyHandler != null) proxyHandler = new httpdProxyHandler(switchboard); 
-                proxyHandler.doConnect(prop, header, this.session.in, this.session.out);
-            } 
+        if (((this.allowYaCyHop) && (this.prop.getProperty(httpHeader.CONNECTION_PROP_PATH, "").startsWith("/yacy/"))) ||
+            ((this.allowProxy) && (this.handleProxyAuthentication(header)))) {
+            proxyHandler.doConnect(prop, header, this.session.in, this.session.out);
         } else {
             // not authorized through firewall blocking (ip does not match filter)
             session.out.write((httpVersion + " 403 refused (IP not granted)" + serverCore.crlfString + serverCore.crlfString + "you are not allowed to connect to this proxy, because you are using the non-granted IP " + clientIP + ". allowed are only connections that match with the following filter: " + switchboard.getConfig("proxyClient", "*") + serverCore.crlfString).getBytes());

source/de/anomic/http/httpdProxyHandler.java

@@ -122,14 +122,6 @@ public final class httpdProxyHandler extends httpdAbstractHandler implements htt
     private static boolean redirectorEnabled=false;
     private static PrintWriter redirectorWriter;
     private static BufferedReader redirectorReader;
-//    public static boolean remoteProxyUse = false;
-//    public static String remoteProxyHost = "";
-//    public static int remoteProxyPort = -1;
-//    public static String remoteProxyNoProxy = "";
-//    public static String[] remoteProxyNoProxyPatterns = null;
-
-//    private static final HashSet remoteProxyAllowProxySet = new HashSet();
-//    private static final HashSet remoteProxyDisallowProxySet = new HashSet();    
 
     private static htmlFilterTransformer transformer = null;
     public static final String proxyUserAgent = "yacy (" + httpc.systemOST +") yacy.net";

yacy.init

@@ -144,14 +144,6 @@ fileHost = localpeer
 # specify the path to the MIME matching file table
 mimeConfig = httpd.mime
 
-# UNUSED:
-# specify the path to message resource file
-messConfig = httpd.messages
-
-# proxy use. This server can also act as an caching proxy.
-# to enable that function, set proxy=true
-proxy=true
-
 # a path to the file cache, used for the internal proxy and as crawl buffer
 # This will be used if the server is addressed as a proxy
 proxyCache = DATA/HTCACHE
@@ -178,7 +170,6 @@ proxyCacheLayout = hash
 # the migration flag shows, if the different layout shall be migrated from one to another
 proxyCacheMigration = true
 
-
 # the following mime-types are the whitelist for indexing
 #
 # parseableRealtimeMimeTypes: specifies mime-types that can be indexed on the fly
@@ -190,7 +181,6 @@ parseableMimeTypes.PROXY=
 parseableMimeTypes.ICAP=
 parseableMimeTypes.URLREDIRECTOR=
 
-
 # media extension string
 # a comma-separated list of extensions that denote media file formats
 # this is important to recognize <a href> - tags as not-html reference
@@ -275,6 +265,14 @@ proxyBlueList=yacy.blue
 #proxyClient=192.168.0.4
 proxyClient=localhost,127.0.0.1,192.168.*,10.*
 
+# YaCyHop: allow public usage of proxy for yacy-protocol
+# this enables usage of the internal http proxy for everyone,
+# if the file path starts with /yacy/
+# This is used to enable anonymization of yacy protocol requests
+# Instead of asking a remote peer directly, a peer in between is asked
+# to prevent that the asked peer knows which peer asks.
+YaCyHop=true
+
 # serverClient: client-ip's that may connect to the web server,
 # thus are allowed to use the search service
 # if you set this to another value, search requst from others
@@ -282,13 +280,6 @@ proxyClient=localhost,127.0.0.1,192.168.*,10.*
 # search services.
 serverClient=*
 
-### proxyAccount: a user:password - pair for proxy authentification
-### leave empty for no authenication
-### example:
-##proxyAccount=jim:knopf
-##proxyAccount=
-##proxyAccountBase64MD5=
-
 # use_proxyAccounts: set to true to restrict proxy-access to some identified users.
 #use User_p.html to create some Users.
 use_proxyAccounts=false