boxtec
/
yacy_search_server
mirror of https://github.com/yacy/yacy_search_server
4
1
Fork 0
Code Issues Projects Releases Wiki Activity

added security patch

Browse Source
pull/1/head
orbiter 11 years ago
parent dcf46ce8f6
commit c3dee2d6bd
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File

6
source/net/yacy/http/servlets/YaCyProxyServlet.java
Unescape View File

@ -5,6 +5,7 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
@ -24,6 +25,7 @@ import net.yacy.cora.document.encoding.UTF8;
import net.yacy.cora.document.id.DigestURL;
import net.yacy.cora.document.id.MultiProtocolURL;
import net.yacy.cora.protocol.ClientIdentification;
import net.yacy.cora.protocol.Domains;
import net.yacy.cora.protocol.HeaderFramework;
import net.yacy.cora.protocol.RequestHeader;
import net.yacy.cora.protocol.ResponseHeader;
@ -78,6 +80,10 @@ public class YaCyProxyServlet extends ProxyServlet implements Servlet {
final HttpServletRequest request = (HttpServletRequest) req;
final HttpServletResponse response = (HttpServletResponse) res;
String remoteHost = req.getRemoteHost();
InetAddress remoteIP = Domains.dnsResolve(remoteHost);
if (!remoteIP.isAnyLocalAddress()) throw new ServletException("access denied");
if ("CONNECT".equalsIgnoreCase(request.getMethod())) {
handleConnect(request, response);
} else {

Write Preview
Loading…
Cancel
Save