reimplement proxy access by configured whitlist pattern

was currently limited to own ip.

source/net/yacy/http/AbstractRemoteHandler.java

@@ -28,6 +28,7 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.StringTokenizer;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -111,11 +112,11 @@ abstract public class AbstractRemoteHandler extends AbstractHandler implements H
             return;
         }
         
-        String remoteHost = request.getRemoteHost();
+        final String remoteHost = request.getRemoteHost();
-        if (!Domains.isThisHostIP(remoteHost)) { // isThisHostIP checks resolves & isAnyLocal & isLoopback IP
+        if (!proxyippatternmatch(remoteHost)) {
-            // TODO: handle proxy account  ~ ? use proxyClient config instead fix of localIP?
+            // TODO: handle proxy account
             response.sendError(HttpServletResponse.SC_FORBIDDEN,
-                    "proxy use not granted for IP " + request.getRemoteAddr() + " (see Server Proxy Access settings).");
+                    "proxy use not granted for IP " + remoteHost + " (see Server Proxy Access settings).");
             baseRequest.setHandled(true);
             return;
         }
@@ -124,4 +125,24 @@ abstract public class AbstractRemoteHandler extends AbstractHandler implements H
 
     }
     
+    /**
+     * helper for proxy IP config pattern check
+     */
+    private boolean proxyippatternmatch(final String key) {
+        // the cfgippattern is a comma-separated list of patterns
+        // each pattern may contain one wildcard-character '*' which matches anything
+        final String cfgippattern = Switchboard.getSwitchboard().getConfig("proxyClient", "*");
+        if (cfgippattern.equals("*")) {
+            return true;
+        }
+        final StringTokenizer st = new StringTokenizer(cfgippattern, ",");
+        String pattern;
+        while (st.hasMoreTokens()) {
+            pattern = st.nextToken();
+            if (key.matches(pattern)) {
+                return true;
+            }
+        }
+        return false;
+    }
 }

source/net/yacy/http/ProxyHandler.java

@@ -45,6 +45,7 @@ import net.yacy.cora.protocol.HeaderFramework;
 import net.yacy.cora.protocol.RequestHeader;
 import net.yacy.cora.protocol.ResponseHeader;
 import net.yacy.cora.protocol.http.HTTPClient;
+import net.yacy.cora.util.ConcurrentLog;
 import net.yacy.document.TextParser;
 import net.yacy.crawler.data.Cache;
 import net.yacy.crawler.retrieval.Response;
@@ -91,7 +92,7 @@ public class ProxyHandler extends AbstractRemoteHandler implements Handler {
 	public void handleRemote(String target, Request baseRequest, HttpServletRequest request,
 			HttpServletResponse response) throws IOException, ServletException {
 
-            if (request.getMethod().equals(HeaderFramework.METHOD_CONNECT)) {
+            if (request.getMethod().equalsIgnoreCase(HeaderFramework.METHOD_CONNECT)) {
                 handleConnect(request, response);
                 return;
             }
@@ -100,7 +101,7 @@ public class ProxyHandler extends AbstractRemoteHandler implements Handler {
             setProxyHeaderForClient(request, proxyHeaders);
 
             final HTTPClient client = new HTTPClient(ClientIdentification.yacyProxyAgent);
-            int timeout = 60000;
+            int timeout = 10000;
             client.setTimout(timeout);
             client.setHeader(proxyHeaders.entrySet());
             client.setRedirecting(false);

source/net/yacy/http/servlets/YaCyProxyServlet.java

@@ -9,6 +9,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLDecoder;
 import java.util.HashMap;
+import java.util.StringTokenizer;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -80,10 +81,14 @@ public class YaCyProxyServlet extends ProxyServlet implements Servlet {
             return;
         }
         
-        String remoteHost = req.getRemoteHost();
+        final String remoteHost = req.getRemoteHost();
         if (!Domains.isThisHostIP(remoteHost)) {            
             response.sendError(HttpServletResponse.SC_FORBIDDEN,
-                    "proxy use not granted for IP " + req.getRemoteAddr());
+                    "proxy use not granted for IP " + remoteHost);
+            return;
+        } else if (!proxyippatternmatch(remoteHost)) {
+            response.sendError(HttpServletResponse.SC_FORBIDDEN,
+                    "proxy use not granted for IP " + remoteHost);
             return;
         }
 
@@ -322,6 +327,26 @@ public class YaCyProxyServlet extends ProxyServlet implements Servlet {
         return buf.toString("UTF-8");
     }
 
+    /**
+     * helper for proxy IP config pattern check
+     */
+    private boolean proxyippatternmatch(final String key) {
+        // the cfgippattern is a comma-separated list of patterns
+        // each pattern may contain one wildcard-character '*' which matches anything
+        final String cfgippattern = Switchboard.getSwitchboard().getConfig("proxyClient", "*");
+        if (cfgippattern.equals("*")) {
+            return true;
+        }
+        final StringTokenizer st = new StringTokenizer(cfgippattern, ",");
+        String pattern;
+        while (st.hasMoreTokens()) {
+            pattern = st.nextToken();
+            if (key.matches(pattern)) {
+                return true;
+            }
+        }
+        return false;
+    }    
 
     /**
      * get destination url (from query parameter &url=http://....)