let NETWORK_WHITELIST take precedence over NETWORK_BLACKLIST

this makes it easier to config exception (for private networks),
like   blacklist= .*
        whitelist= 10\..*,127\..* .....     allows only listed ip pattern
pull/1/head
reger 11 years ago
parent 8d1b66accc
commit ec5b1d9e33

@ -53,6 +53,9 @@
# can be configured in the whitelist.
# In contrast also a list of IPs may be given to be not allowed to access the peers at all
# The YaCy-httpd will not respond on any request from IPs given in the blacklist
# Entries in whitelist take precedence over blacklist entries
# 1. whitlist is checked if match - access is allowed
# 2. blacklist ist checked if match - access is denied
# By default both lists should be empty to provide a basic search functionality for everyone.
# When running a private YaCy network, all peers that are in the own network should be configured
# in the whitelist. Otherwise the access from whitelisted clients is allowed, but the executing

@ -277,7 +277,11 @@ public class yacysearch {
trackerHandles = new TreeSet<Long>();
}
boolean block = false;
if ( Domains.matchesList(client, sb.networkBlacklist) ) {
if ( Domains.matchesList(client, sb.networkWhitelist) ) {
ConcurrentLog.info("LOCAL_SEARCH", "ACCESS CONTROL: WHITELISTED CLIENT FROM "
+ client
+ " gets no search restrictions");
} else if ( Domains.matchesList(client, sb.networkBlacklist) ) {
global = false;
if ( snippetFetchStrategy != null ) {
snippetFetchStrategy = null;
@ -286,10 +290,6 @@ public class yacysearch {
ConcurrentLog.warn("LOCAL_SEARCH", "ACCESS CONTROL: BLACKLISTED CLIENT FROM "
+ client
+ " gets no permission to search");
} else if ( Domains.matchesList(client, sb.networkWhitelist) ) {
ConcurrentLog.info("LOCAL_SEARCH", "ACCESS CONTROL: WHITELISTED CLIENT FROM "
+ client
+ " gets no search restrictions");
} else if ( !authenticated && !localhostAccess && !intranetMode ) {
// in case that we do a global search or we want to fetch snippets, we check for DoS cases
synchronized ( trackerHandles ) {

Loading…
Cancel
Save