let NETWORK_WHITELIST take precedence over NETWORK_BLACKLIST

this makes it easier to configure exceptions (for private networks),
like   blacklist= .*
        whitelist= 10\..*,127\..* .....     allows only listed ip pattern
pull/1/head
reger 11 years ago
parent 8d1b66accc
commit ec5b1d9e33

@ -53,6 +53,9 @@
# can be configured in the whitelist. # can be configured in the whitelist.
# In contrast also a list of IPs may be given to be not allowed to access the peers at all # In contrast also a list of IPs may be given to be not allowed to access the peers at all
# The YaCy-httpd will not respond on any request from IPs given in the blacklist # The YaCy-httpd will not respond on any request from IPs given in the blacklist
# Entries in whitelist take precedence over blacklist entries
# 1. whitlist is checked if match - access is allowed
# 2. blacklist ist checked if match - access is denied
# By default both lists should be empty to provide a basic search functionality for everyone. # By default both lists should be empty to provide a basic search functionality for everyone.
# When running a private YaCy network, all peers that are in the own network should be configured # When running a private YaCy network, all peers that are in the own network should be configured
# in the whitelist. Otherwise the access from whitelisted clients is allowed, but the executing # in the whitelist. Otherwise the access from whitelisted clients is allowed, but the executing
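Review bot: The three added comment lines have typos ("whitlist", "ist checked") and do not say what happens to a client that matches neither list, which is what an operator setting up a private network most needs to know. Suggested wording: `# 1. whitelist is checked first; on a match access is allowed` and `# 2. otherwise the blacklist is checked; on a match access is denied`, plus a third line stating the default for unmatched clients. Because a whitelist match now overrides the blacklist, the comment should also advise keeping whitelist patterns as narrow as possible, since an over-broad pattern silently cancels blacklist entries.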

@ -277,7 +277,11 @@ public class yacysearch {
trackerHandles = new TreeSet<Long>(); trackerHandles = new TreeSet<Long>();
} }
boolean block = false; boolean block = false;
if ( Domains.matchesList(client, sb.networkBlacklist) ) { if ( Domains.matchesList(client, sb.networkWhitelist) ) {
ConcurrentLog.info("LOCAL_SEARCH", "ACCESS CONTROL: WHITELISTED CLIENT FROM "
+ client
+ " gets no search restrictions");
} else if ( Domains.matchesList(client, sb.networkBlacklist) ) {
global = false; global = false;
if ( snippetFetchStrategy != null ) { if ( snippetFetchStrategy != null ) {
snippetFetchStrategy = null; snippetFetchStrategy = null;
@ -286,10 +290,6 @@ public class yacysearch {
ConcurrentLog.warn("LOCAL_SEARCH", "ACCESS CONTROL: BLACKLISTED CLIENT FROM " ConcurrentLog.warn("LOCAL_SEARCH", "ACCESS CONTROL: BLACKLISTED CLIENT FROM "
+ client + client
+ " gets no permission to search"); + " gets no permission to search");
} else if ( Domains.matchesList(client, sb.networkWhitelist) ) {
ConcurrentLog.info("LOCAL_SEARCH", "ACCESS CONTROL: WHITELISTED CLIENT FROM "
+ client
+ " gets no search restrictions");
} else if ( !authenticated && !localhostAccess && !intranetMode ) { } else if ( !authenticated && !localhostAccess && !intranetMode ) {
// in case that we do a global search or we want to fetch snippets, we check for DoS cases // in case that we do a global search or we want to fetch snippets, we check for DoS cases
synchronized ( trackerHandles ) { synchronized ( trackerHandles ) {
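Review bot: With `if ( Domains.matchesList(client, sb.networkWhitelist) )` now first in the chain, a client that matches both lists skips the blacklist restrictions and the later `!authenticated && !localhostAccess && !intranetMode` DoS branch, and the log does not record that a blacklist entry was overridden. For auditability, log that case distinctly, for example at warn level with a message such as `"ACCESS CONTROL: WHITELISTED CLIENT FROM " + client + " overrides blacklist match"`. How `client` is derived is outside the hunk; if it can be taken from a forwarded request header rather than the socket address, the whitelist is only as trustworthy as that header and this should be confirmed. The config comment describes the new order for the httpd in general, but only yacysearch is changed in what is visible here, so other readers of `sb.networkBlacklist` should be checked for the same precedence. The enclosing method begins and ends outside these hunks.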
