reimplement proxy access by configured whitlist pattern

was currently limited to own ip.
11 years ago · f06cef5d5b
parent 05d6cc6ea3
commit f06cef5d5b
3 changed files with 59 additions and 12 deletions
--- a/source/net/yacy/http/AbstractRemoteHandler.java
+++ b/source/net/yacy/http/AbstractRemoteHandler.java
@ -28,6 +28,7 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.StringTokenizer;

 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@ -111,11 +112,11 @@ abstract public class AbstractRemoteHandler extends AbstractHandler implements H
            return;
        }
        
-        String remoteHost = request.getRemoteHost();
-        if (!Domains.isThisHostIP(remoteHost)) { // isThisHostIP checks resolves & isAnyLocal & isLoopback IP
-            // TODO: handle proxy account  ~ ? use proxyClient config instead fix of localIP?
+        final String remoteHost = request.getRemoteHost();
+        if (!proxyippatternmatch(remoteHost)) {
+            // TODO: handle proxy account
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
-                    "proxy use not granted for IP " + request.getRemoteAddr() + " (see Server Proxy Access settings).");
+                    "proxy use not granted for IP " + remoteHost + " (see Server Proxy Access settings).");
            baseRequest.setHandled(true);
            return;
        }
@ -124,4 +125,24 @@ abstract public class AbstractRemoteHandler extends AbstractHandler implements H

    }
    
+    /**
+     * helper for proxy IP config pattern check
+     */
+    private boolean proxyippatternmatch(final String key) {
+        // the cfgippattern is a comma-separated list of patterns
+        // each pattern may contain one wildcard-character '*' which matches anything
+        final String cfgippattern = Switchboard.getSwitchboard().getConfig("proxyClient", "*");
+        if (cfgippattern.equals("*")) {
+            return true;
+        }
+        final StringTokenizer st = new StringTokenizer(cfgippattern, ",");
+        String pattern;
+        while (st.hasMoreTokens()) {
+            pattern = st.nextToken();
+            if (key.matches(pattern)) {
+                return true;
+            }
+        }
+        return false;
+    }
 }
--- a/source/net/yacy/http/ProxyHandler.java
+++ b/source/net/yacy/http/ProxyHandler.java
@ -45,6 +45,7 @@ import net.yacy.cora.protocol.HeaderFramework;
 import net.yacy.cora.protocol.RequestHeader;
 import net.yacy.cora.protocol.ResponseHeader;
 import net.yacy.cora.protocol.http.HTTPClient;
+import net.yacy.cora.util.ConcurrentLog;
 import net.yacy.document.TextParser;
 import net.yacy.crawler.data.Cache;
 import net.yacy.crawler.retrieval.Response;
@ -91,7 +92,7 @@ public class ProxyHandler extends AbstractRemoteHandler implements Handler {
 	public void handleRemote(String target, Request baseRequest, HttpServletRequest request,
 			HttpServletResponse response) throws IOException, ServletException {

-            if (request.getMethod().equals(HeaderFramework.METHOD_CONNECT)) {
+            if (request.getMethod().equalsIgnoreCase(HeaderFramework.METHOD_CONNECT)) {
                handleConnect(request, response);
                return;
            }
@ -100,7 +101,7 @@ public class ProxyHandler extends AbstractRemoteHandler implements Handler {
            setProxyHeaderForClient(request, proxyHeaders);

            final HTTPClient client = new HTTPClient(ClientIdentification.yacyProxyAgent);
-            int timeout = 60000;
+            int timeout = 10000;
            client.setTimout(timeout);
            client.setHeader(proxyHeaders.entrySet());
            client.setRedirecting(false);
--- a/source/net/yacy/http/servlets/YaCyProxyServlet.java
+++ b/source/net/yacy/http/servlets/YaCyProxyServlet.java
@ -9,6 +9,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLDecoder;
 import java.util.HashMap;
+import java.util.StringTokenizer;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

@ -80,10 +81,14 @@ public class YaCyProxyServlet extends ProxyServlet implements Servlet {
            return;
        }
        
-        String remoteHost = req.getRemoteHost();
+        final String remoteHost = req.getRemoteHost();
        if (!Domains.isThisHostIP(remoteHost)) {            
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
-                    "proxy use not granted for IP " + req.getRemoteAddr());
+                    "proxy use not granted for IP " + remoteHost);
+            return;
+        } else if (!proxyippatternmatch(remoteHost)) {
+            response.sendError(HttpServletResponse.SC_FORBIDDEN,
+                    "proxy use not granted for IP " + remoteHost);
            return;
        }

@ -322,6 +327,26 @@ public class YaCyProxyServlet extends ProxyServlet implements Servlet {
        return buf.toString("UTF-8");
    }

+    /**
+     * helper for proxy IP config pattern check
+     */
+    private boolean proxyippatternmatch(final String key) {
+        // the cfgippattern is a comma-separated list of patterns
+        // each pattern may contain one wildcard-character '*' which matches anything
+        final String cfgippattern = Switchboard.getSwitchboard().getConfig("proxyClient", "*");
+        if (cfgippattern.equals("*")) {
+            return true;
+        }
+        final StringTokenizer st = new StringTokenizer(cfgippattern, ",");
+        String pattern;
+        while (st.hasMoreTokens()) {
+            pattern = st.nextToken();
+            if (key.matches(pattern)) {
+                return true;
+            }
+        }
+        return false;
+    }    

    /**
     * get destination url (from query parameter &url=http://....)