Block favicon.ico and allow remote stats requests (configurable).

diff --git a/apt-p2p.conf b/apt-p2p.conf
index 500bd23b894080bc2d0f63de652dbb29014983fc..eb5d0ca023232f11c933290b3339ddcdd4d55b65 100644 (file)
--- a/apt-p2p.conf
+++ b/apt-p2p.conf
@@ -39,6 +39,9 @@ CACHE_DIR = /var/cache/apt-p2p
 # Whether it's OK to use an IP address from a known local/private range
 LOCAL_OK = no
 
+# Whether a remote peer can access the statistics page
+REMOTE_STATS = yes
+
 # Unload the packages cache after an interval of inactivity this long.
 # The packages cache uses a lot of memory, and only takes a few seconds
 # to reload when a new request arrives.

diff --git a/apt_p2p/HTTPServer.py b/apt_p2p/HTTPServer.py
index b5dec02c36e1a8f1c7f428571f7a2e74c5a80d11..1d1af488fdabddb289bb4cc9e8bfd430078b624e 100644 (file)
--- a/apt_p2p/HTTPServer.py
+++ b/apt_p2p/HTTPServer.py
@@ -264,20 +264,27 @@ class TopLevel(resource.Resource):
             else:
                 log.msg('Hash could not be found in database: %r' % hash)
 
-        # Only local requests (apt) get past this point
-        if request.remoteAddr.host != "127.0.0.1":
-            log.msg('Blocked illegal access to %s from %s' % (request.uri, request.remoteAddr))
-            return None, ()
-        
-        # Block access to index .diff files (for now)
-        if 'Packages.diff' in segments or 'Sources.diff' in segments:
-            return None, ()
-         
         if len(name) > 1:
             # It's a request from apt
+
+            # Only local requests (apt) get past this point
+            if request.remoteAddr.host != "127.0.0.1":
+                log.msg('Blocked illegal access to %s from %s' % (request.uri, request.remoteAddr))
+                return None, ()
+
+            # Block access to index .diff files (for now)
+            if 'Packages.diff' in segments or 'Sources.diff' in segments or name == 'favicon.ico':
+                return None, ()
+             
             return FileDownloader(self.directory.path, self.manager), segments[0:]
         else:
             # Will render the statistics page
+
+            # Only local requests for stats are allowed
+            if not config.getboolean('DEFAULT', 'REMOTE_STATS') and request.remoteAddr.host != "127.0.0.1":
+                log.msg('Blocked illegal access to %s from %s' % (request.uri, request.remoteAddr))
+                return None, ()
+
             return self, ()
         
         log.msg('Got a malformed request for "%s" from %s' % (request.uri, request.remoteAddr))

diff --git a/apt_p2p/apt_p2p_conf.py b/apt_p2p/apt_p2p_conf.py
index 20ba4125a281dc02f9233847c4bb355839af9c10..e4f0bf9f7733efd94e6498e9789e924b319496cb 100644 (file)
--- a/apt_p2p/apt_p2p_conf.py
+++ b/apt_p2p/apt_p2p_conf.py
@@ -61,6 +61,9 @@ DEFAULTS = {
     # Whether it's OK to use an IP address from a known local/private range
     'LOCAL_OK': 'no',
 
+    # Whether a remote peer can access the statistics page
+    'REMOTE_STATS': 'yes',
+
     # Unload the packages cache after an interval of inactivity this long.
     # The packages cache uses a lot of memory, and only takes a few seconds
     # to reload when a new request arrives.

diff --git a/debian/apt-p2p.conf.sgml b/debian/apt-p2p.conf.sgml
index bbd12081b206d1919679b3c1e337815a93c4761c..f73d85b0b3dde2b18b56ea4bc26ee8d9bc139be1 100644 (file)
--- a/debian/apt-p2p.conf.sgml
+++ b/debian/apt-p2p.conf.sgml
@@ -133,6 +133,13 @@
                (Default is false)</para>
            </listitem>
          </varlistentry>
+         <varlistentry>
+           <term><option>REMOTE_STATS = <replaceable>boolean</replaceable></option></term>
+            <listitem>
+             <para>Whether a remote peer can access the statistics page.
+               (Default is True)</para>
+           </listitem>
+         </varlistentry>
          <varlistentry>
            <term><option>UNLOAD_PACKAGES_CACHE = <replaceable>time</replaceable></option></term>
             <listitem>

diff --git a/test.py b/test.py
index d4df4e74e661a56ede906c65e2b6f57e36ac4e71..ec64de2e30a2a35a268a2da22018682c5ef5939f 100755 (executable)
--- a/test.py
+++ b/test.py
@@ -360,6 +360,9 @@ CACHE_DIR = %(CACHE_DIR)s
 # Whether it's OK to use an IP addres from a known local/private range
 LOCAL_OK = yes
 
+# Whether a remote peer can access the statistics page
+REMOTE_STATS = yes
+
 # Unload the packages cache after an interval of inactivity this long.
 # The packages cache uses a lot of memory, and only takes a few seconds
 # to reload when a new request arrives.