From bd7411a53af4f1e54bf27498f95b4f0f7934f090 Mon Sep 17 00:00:00 2001
From: luccioman
Date: Wed, 17 May 2017 09:00:29 +0200
Subject: [PATCH] Enable p2p and cluster communication when "Protection of all pages" on As reported by paul89 on YaCy forum (http://forum.yacy-websuche.de/viewtopic.php?f=23&t=5958 ), when setting the "Protection of all pages" to "On" in the "ConfigAccounts_p.html" page, the peer became completely unreachable by others, which is not the purpose of this feature. But the restriction still makes sense as a security enforcement and is maintained in private "Robinson mode" where by the way any peer-to-peer or cluster communication would be rejected.
---
 source/net/yacy/http/Jetty9YaCySecurityHandler.java | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/source/net/yacy/http/Jetty9YaCySecurityHandler.java b/source/net/yacy/http/Jetty9YaCySecurityHandler.java
index dc5f71a1c..747769092 100644
--- a/source/net/yacy/http/Jetty9YaCySecurityHandler.java
+++ b/source/net/yacy/http/Jetty9YaCySecurityHandler.java
@@ -75,7 +75,15 @@ public class Jetty9YaCySecurityHandler extends ConstraintSecurityHandler {
 final boolean accessFromLocalhost = Domains.isLocalhost(remoteip) && (refererHost == null || refererHost.length() == 0 || Domains.isLocalhost(refererHost));
 // ! note : accessFromLocalhost compares localhost ip pattern
 final boolean grantedForLocalhost = adminAccountGrantedForLocalhost && accessFromLocalhost;
- boolean protectedPage = adminAccountNeededForAllPages || (pathInContext.indexOf("_p.") > 0);
+
+ /* Even when all pages are protected, we don't want to block those used for peer-to-peer or cluster communication (except in private robinson mode)
+ * (examples : /yacy/hello.html is required for p2p and cluster network presence and /solr/select for remote Solr search requests) */
+ boolean protectedPage = (adminAccountNeededForAllPages && ((sb.isRobinsonMode() && !sb.isPublicRobinson()) ||
+ !(pathInContext.startsWith("/yacy/") || pathInContext.startsWith("/solr/"))));
+
+ /* Pages suffixed with "_p" are by the way always considered protected */
+ protectedPage = protectedPage || (pathInContext.indexOf("_p.") > 0);
+
 // check "/gsa" and "/solr" if not publicSearchpage
 if (!protectedPage && !sb.getConfigBool(SwitchboardConstants.PUBLIC_SEARCHPAGE, true)) {
 protectedPage = pathInContext.startsWith("/solr/") || pathInContext.startsWith("/gsa/");
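Review bot: The exemption in the new `protectedPage` expression is a pure prefix test, so with "Protection of all pages" on, every path under `/yacy/` and `/solr/` is served without the admin account, not only the peer-to-peer endpoints the comment names (`/yacy/hello.html`, `/solr/select`). For `/solr/` the only other gate visible in this hunk is the `PUBLIC_SEARCHPAGE` check just below, which is read with a default of `true`, so an operator who enables full protection still leaves remote Solr search reachable by any client unless that setting is changed as well; the comment or the setting's help text should state this. It is also worth confirming that `pathInContext` is already canonicalized before the `startsWith` tests, because the hunk does not show where the value comes from. For readability, consider naming the two parts: `final boolean privateRobinson = sb.isRobinsonMode() && !sb.isPublicRobinson();` and `final boolean peerPath = pathInContext.startsWith("/yacy/") || pathInContext.startsWith("/solr/");`, then `boolean protectedPage = adminAccountNeededForAllPages && (privateRobinson || !peerPath);`. The enclosing method starts and ends outside the hunk.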