From ec5b1d9e33ee050eeade38cd06b1749274d5f377 Mon Sep 17 00:00:00 2001
From: reger
Date: Tue, 26 Aug 2014 01:02:38 +0200
Subject: [PATCH] let NETWORK_WHITELIST take precedence over NETWORK_BLACKLIST this makes it easier to config exception (for private networks), like blacklist= .* whitelist= 10\..*,127\..* ..... allows only listed ip pattern
---
 defaults/yacy.network.readme | 3 +++
 htroot/yacysearch.java | 10 +++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/defaults/yacy.network.readme b/defaults/yacy.network.readme
index ab65066ab..c17760cde 100644
--- a/defaults/yacy.network.readme
+++ b/defaults/yacy.network.readme
@@ -53,6 +53,9 @@
 # can be configured in the whitelist.
 # In contrast also a list of IPs may be given to be not allowed to access the peers at all
 # The YaCy-httpd will not respond on any request from IPs given in the blacklist
+# Entries in whitelist take precedence over blacklist entries
+# 1. whitlist is checked if match - access is allowed
+# 2. blacklist ist checked if match - access is denied
 # By default both lists should be empty to provide a basic search functionality for everyone.
 # When running a private YaCy network, all peers that are in the own network should be configured
 # in the whitelist. Otherwise the access from whitelisted clients is allowed, but the executing
diff --git a/htroot/yacysearch.java b/htroot/yacysearch.java
index fe9a5c9bb..c5ff4c6c9 100644
--- a/htroot/yacysearch.java
+++ b/htroot/yacysearch.java
@@ -277,7 +277,11 @@ public class yacysearch {
 trackerHandles = new TreeSet();
 }
 boolean block = false;
- if ( Domains.matchesList(client, sb.networkBlacklist) ) {
+ if ( Domains.matchesList(client, sb.networkWhitelist) ) {
+ ConcurrentLog.info("LOCAL_SEARCH", "ACCESS CONTROL: WHITELISTED CLIENT FROM "
+ + client
+ + " gets no search restrictions");
+ } else if ( Domains.matchesList(client, sb.networkBlacklist) ) {
 global = false;
 if ( snippetFetchStrategy != null ) {
 snippetFetchStrategy = null;
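Review bot: In the new first branch a client matching `sb.networkWhitelist` gets unrestricted search before `sb.networkBlacklist` is consulted, and the only trace is an info-level line, so an overly broad whitelist pattern silently cancels a deny entry. Consider recording the override inside that branch, e.g. `if ( Domains.matchesList(client, sb.networkBlacklist) ) ConcurrentLog.warn("LOCAL_SEARCH", "ACCESS CONTROL: WHITELIST OVERRIDES BLACKLIST FOR " + client);`, so an operator can spot the conflict. How `client` is derived is not visible in this hunk; since a whitelist match now decides access on its own, it is worth confirming that the value is the connection's peer address and not something the requester can supply. The readme now documents whitelist-first ordering in general terms, while this patch changes only the search handler, so any other place that enforces the two lists should be checked for the same order. The if/else chain continues past the end of this hunk.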
@@ -286,10 +290,6 @@ public class yacysearch {
 ConcurrentLog.warn("LOCAL_SEARCH", "ACCESS CONTROL: BLACKLISTED CLIENT FROM "
 + client
 + " gets no permission to search");
- } else if ( Domains.matchesList(client, sb.networkWhitelist) ) {
- ConcurrentLog.info("LOCAL_SEARCH", "ACCESS CONTROL: WHITELISTED CLIENT FROM "
- + client
- + " gets no search restrictions");
 } else if ( !authenticated && !localhostAccess && !intranetMode ) {
 // in case that we do a global search or we want to fetch snippets, we check for DoS cases
 synchronized ( trackerHandles ) {