From 47ab83a7c02ea37936cbcad68fd58881f2ebaafa Mon Sep 17 00:00:00 2001 From: orbiter Date: Wed, 31 Jan 2007 00:09:51 +0000 Subject: [PATCH] added flag for YaCyHop - proxy access for all paths that start with /yacy/ git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3304 6c8d7289-2bf4-0310-a012-ef5d649a1542 --- htroot/SearchStatistics_p.java | 2 +- source/de/anomic/http/httpd.java | 37 +++++++++----------- source/de/anomic/http/httpdProxyHandler.java | 8 ----- yacy.init | 25 +++++-------- 4 files changed, 25 insertions(+), 47 deletions(-) diff --git a/htroot/SearchStatistics_p.java b/htroot/SearchStatistics_p.java index c16c5db88..4d514c888 100644 --- a/htroot/SearchStatistics_p.java +++ b/htroot/SearchStatistics_p.java @@ -114,7 +114,7 @@ public class SearchStatistics_p { prop.put("page_list_" + entCount + "_host", host); if (page == 4) { yacySeed remotepeer = yacyCore.seedDB.lookupByIP(natLib.getInetAddress(host), true, true, true); - prop.put("page_list_" + entCount + "_peername", remotepeer.getName()); + prop.put("page_list_" + entCount + "_peername", (remotepeer == null) ? "UNKNOWN" : remotepeer.getName()); } prop.put("page_list_" + entCount + "_count", new Integer(handles.size()).toString()); prop.put("page_list_" + entCount + "_dates", handlestring); diff --git a/source/de/anomic/http/httpd.java b/source/de/anomic/http/httpd.java index eb2aa04b4..8bea5f51d 100644 --- a/source/de/anomic/http/httpd.java +++ b/source/de/anomic/http/httpd.java @@ -119,6 +119,7 @@ public final class httpd implements serverHandler { private InetAddress userAddress; // the address of the client private boolean allowProxy; private boolean allowServer; + private boolean allowYaCyHop; // for authentication private boolean use_proxyAccounts = false; 
@@ -166,6 +167,7 @@ public final class httpd implements serverHandler { this.userAddress = null; this.allowProxy = false; this.allowServer = false; + this.allowYaCyHop = false; this.proxyAccounts_init = false; this.serverAccountBase64MD5 = null; this.clientIP = null; @@ -192,9 +194,10 @@ public final class httpd implements serverHandler { this.allowProxy = (proxyClient.equals("*")) ? true : match(this.clientIP, proxyClient); this.allowServer = (serverClient.equals("*")) ? true : match(this.clientIP, serverClient); + this.allowYaCyHop = switchboard.getConfigBool("YaCyHop", false); // check if we want to allow this socket to connect us - if (!(this.allowProxy || this.allowServer)) { + if (!(this.allowProxy || this.allowServer || this.allowYaCyHop)) { String errorMsg = "CONNECTION FROM " + this.clientIP + " FORBIDDEN"; this.log.logWarning(errorMsg); throw new IOException(errorMsg); @@ -449,11 +452,9 @@ public final class httpd implements serverHandler { } } else { // pass to proxy - if (this.allowProxy) { - if (this.handleProxyAuthentication(header)) { - if (proxyHandler != null) proxyHandler = new httpdProxyHandler(switchboard); - proxyHandler.doGet(this.prop, header, this.session.out); - } + if (((this.allowYaCyHop) && (this.prop.getProperty(httpHeader.CONNECTION_PROP_PATH, "").startsWith("/yacy/"))) || + ((this.allowProxy) && (this.handleProxyAuthentication(header)))) { + proxyHandler.doGet(this.prop, header, this.session.out); } else { // not authorized through firewall blocking (ip does not match filter) this.session.out.write((httpVersion + " 403 refused (IP not granted)" + serverCore.crlfString + serverCore.crlfString + "you are not allowed to connect to this proxy, because you are using the non-granted IP " + clientIP + ". allowed are only connections that match with the following filter: " + switchboard.getConfig("proxyClient", "*") + serverCore.crlfString).getBytes()); 
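Review bot: With `YaCyHop` enabled, the connection gate `if (!(this.allowProxy || this.allowServer || this.allowYaCyHop))` can never reject a client, because `allowYaCyHop` comes straight from configuration and does not depend on `this.clientIP`. The `proxyClient` and `serverClient` filters then rest entirely on the per-request checks further down; the server-side branches are outside this hunk, so confirm that each of them still tests `allowServer`. A comment on the new assignment would make this explicit, for example `// YaCyHop is global, not per client: when set, the IP gate below passes everyone and access is decided per request`. Logging once at start-up when the flag is on would also let an operator see that the listener accepts connections from any address.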
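Review bot: The YaCyHop half of the new condition in the GET handler (repeated in the HEAD, POST and CONNECT hunks) skips both the `proxyClient` IP filter and `handleProxyAuthentication`, and its only constraint is `startsWith("/yacy/")` on the request path. Nothing visible here restricts the destination host or port, or normalizes the path before the prefix test, so the relay is presumably not limited to yacy peers. Consider checking the target against the seed database and tightening the test to something like `path.startsWith("/yacy/") && path.indexOf("..") == -1`. Merging the nested `if`s also has two side effects: a failed `handleProxyAuthentication(header)` now falls into the `else` and writes the 403 "IP not granted" text after whatever the authentication method already sent (not visible here), and the `proxyHandler` initialisation line is gone, so `proxyHandler` must be guaranteed non-null elsewhere. That 403 body echoes the configured `proxyClient` filter to the rejected client, which matters more once the connection gate admits any address; the enclosing method starts and ends outside the hunk.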
@@ -524,11 +525,9 @@ public final class httpd implements serverHandler { } } else { // pass to proxy - if (allowProxy) { - if (handleProxyAuthentication(header)) { - if (proxyHandler != null) proxyHandler = new httpdProxyHandler(switchboard); - proxyHandler.doHead(prop, header, this.session.out); - } + if (((this.allowYaCyHop) && (this.prop.getProperty(httpHeader.CONNECTION_PROP_PATH, "").startsWith("/yacy/"))) || + ((this.allowProxy) && (this.handleProxyAuthentication(header)))) { + proxyHandler.doHead(prop, header, this.session.out); } else { // not authorized through firewall blocking (ip does not match filter) session.out.write((httpVersion + " 403 refused (IP not granted)" + @@ -608,11 +607,9 @@ public final class httpd implements serverHandler { } } else { // pass to proxy - if (allowProxy) { - if (handleProxyAuthentication(header)) { - if (proxyHandler != null) proxyHandler = new httpdProxyHandler(switchboard); - proxyHandler.doPost(prop, header, this.session.out, this.session.in); - } + if (((this.allowYaCyHop) && (this.prop.getProperty(httpHeader.CONNECTION_PROP_PATH, "").startsWith("/yacy/"))) || + ((this.allowProxy) && (this.handleProxyAuthentication(header)))) { + proxyHandler.doPost(prop, header, this.session.out, this.session.in); } else { // not authorized through firewall blocking (ip does not match filter) session.out.write((httpVersion + " 403 refused (IP not granted)" + serverCore.crlfString + serverCore.crlfString + "you are not allowed to connect to this proxy, because you are using the non-granted IP " + clientIP + ". allowed are only connections that match with the following filter: " + switchboard.getConfig("proxyClient", "*") + serverCore.crlfString).getBytes()); 
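Review bot: The access decision `((this.allowYaCyHop) && (...startsWith("/yacy/"))) || ((this.allowProxy) && (this.handleProxyAuthentication(header)))` is now copied verbatim into four handlers (GET, the HEAD and POST hunks here, and CONNECT), so one copy can easily drift when the rule is later tightened. Moving it into a single private method and calling it from each site, e.g. `if (mayUseProxy(header)) {` (the name is only a suggestion), would keep the authorization rule in one reviewed place. Within these two hunks the condition reads `this.prop` while the call that follows passes plain `prop`; presumably they are the same field, but using one form would make the copies easier to compare. Both enclosing methods extend beyond the hunks.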
@@ -677,11 +674,9 @@ public final class httpd implements serverHandler { } // pass to proxy - if (allowProxy) { - if (handleProxyAuthentication(header)) { - if (proxyHandler != null) proxyHandler = new httpdProxyHandler(switchboard); - proxyHandler.doConnect(prop, header, this.session.in, this.session.out); - } + if (((this.allowYaCyHop) && (this.prop.getProperty(httpHeader.CONNECTION_PROP_PATH, "").startsWith("/yacy/"))) || + ((this.allowProxy) && (this.handleProxyAuthentication(header)))) { + proxyHandler.doConnect(prop, header, this.session.in, this.session.out); } else { // not authorized through firewall blocking (ip does not match filter) session.out.write((httpVersion + " 403 refused (IP not granted)" + serverCore.crlfString + serverCore.crlfString + "you are not allowed to connect to this proxy, because you are using the non-granted IP " + clientIP + ". allowed are only connections that match with the following filter: " + switchboard.getConfig("proxyClient", "*") + serverCore.crlfString).getBytes()); diff --git a/source/de/anomic/http/httpdProxyHandler.java b/source/de/anomic/http/httpdProxyHandler.java index 985061575..e0032499f 100644 --- a/source/de/anomic/http/httpdProxyHandler.java +++ b/source/de/anomic/http/httpdProxyHandler.java 
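Review bot: Applying the YaCyHop exemption to CONNECT is the riskiest of the four copies, because a CONNECT request opens a raw tunnel to a host and port and has no URL path that bounds what is sent through it. Whether `httpHeader.CONNECTION_PROP_PATH` can be non-empty for CONNECT is not visible in this hunk; if it can, a client from any address would get a tunnel without the IP filter or proxy authentication, and if it cannot, the first half of the condition is dead code here. Since the stated purpose is relaying yacy-protocol requests, I would keep CONNECT on the previous rule: `if ((this.allowProxy) && (this.handleProxyAuthentication(header))) {`. The enclosing method starts outside the hunk.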
@@ -122,14 +122,6 @@ public final class httpdProxyHandler extends httpdAbstractHandler implements htt private static boolean redirectorEnabled=false; private static PrintWriter redirectorWriter; private static BufferedReader redirectorReader; -// public static boolean remoteProxyUse = false; -// public static String remoteProxyHost = ""; -// public static int remoteProxyPort = -1; -// public static String remoteProxyNoProxy = ""; -// public static String[] remoteProxyNoProxyPatterns = null; - -// private static final HashSet remoteProxyAllowProxySet = new HashSet(); -// private static final HashSet remoteProxyDisallowProxySet = new HashSet(); private static htmlFilterTransformer transformer = null; public static final String proxyUserAgent = "yacy (" + httpc.systemOST +") yacy.net"; diff --git a/yacy.init b/yacy.init index 42100230b..c30701dc5 100644 --- a/yacy.init +++ b/yacy.init @@ -144,14 +144,6 @@ fileHost = localpeer # specify the path to the MIME matching file table mimeConfig = httpd.mime -# UNUSED: -# specify the path to message resource file -messConfig = httpd.messages - -# proxy use. This server can also act as an caching proxy. -# to enable that function, set proxy=true -proxy=true - # a path to the file cache, used for the internal proxy and as crawl buffer # This will be used if the server is addressed as a proxy proxyCache = DATA/HTCACHE @@ -178,7 +170,6 @@ proxyCacheLayout = hash # the migration flag shows, if the different layout shall be migrated from one to another proxyCacheMigration = true - # the following mime-types are the whitelist for indexing # # parseableRealtimeMimeTypes: specifies mime-types that can be indexed on the fly @@ -190,7 +181,6 @@ parseableMimeTypes.PROXY= parseableMimeTypes.ICAP= parseableMimeTypes.URLREDIRECTOR= - # media extension string # a comma-separated list of extensions that denote media file formats # this is important to recognize - tags as not-html reference 
@@ -275,6 +265,14 @@ proxyBlueList=yacy.blue #proxyClient=192.168.0.4 proxyClient=localhost,127.0.0.1,192.168.*,10.* +# YaCyHop: allow public usage of proxy for yacy-protocol +# this enables usage of the internal http proxy for everyone, +# if the file path starts with /yacy/ +# This is used to enable anonymization of yacy protocol requests +# Instead of asking a remote peer directly, a peer in between is asked +# to prevent that the asked peer knows which peer asks. +YaCyHop=true + # serverClient: client-ip's that may connect to the web server, # thus are allowed to use the search service # if you set this to another value, search requst from others @@ -282,13 +280,6 @@ proxyClient=localhost,127.0.0.1,192.168.*,10.* # search services. serverClient=* -### proxyAccount: a user:password - pair for proxy authentification -### leave empty for no authenication -### example: -##proxyAccount=jim:knopf -##proxyAccount= -##proxyAccountBase64MD5= - # use_proxyAccounts: set to true to restrict proxy-access to some identified users. #use User_p.html to create some Users. use_proxyAccounts=false
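Review bot: Shipping `YaCyHop=true` as the default makes every installation relay requests for unauthenticated clients, while the code's own fallback in `getConfigBool("YaCyHop", false)` is off. The two defaults should agree, and opt-in (`YaCyHop=false`) is the safer choice. The comment should also state plainly that the setting bypasses both the `proxyClient` filter and `use_proxyAccounts` for matching paths, e.g. `# NOTE: requests whose path starts with /yacy/ are proxied without the proxyClient IP check and without proxy authentication`. As written, an operator reading `proxyClient=localhost,127.0.0.1,192.168.*,10.*` just above would reasonably assume the proxy is closed to outside addresses.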