From c1a8891e0bfb81e9fc64d271f8e4de059c699921 Mon Sep 17 00:00:00 2001 From: Cameron Dale Date: Wed, 16 Apr 2008 11:05:31 -0700 Subject: [PATCH] Block favicon.ico and allow remote stats requests (configurable). --- apt-p2p.conf | 3 +++ apt_p2p/HTTPServer.py | 25 ++++++++++++++++--------- apt_p2p/apt_p2p_conf.py | 3 +++ debian/apt-p2p.conf.sgml | 7 +++++++ test.py | 3 +++ 5 files changed, 32 insertions(+), 9 deletions(-) diff --git a/apt-p2p.conf b/apt-p2p.conf index 500bd23..eb5d0ca 100644 --- a/apt-p2p.conf +++ b/apt-p2p.conf @@ -39,6 +39,9 @@ CACHE_DIR = /var/cache/apt-p2p # Whether it's OK to use an IP address from a known local/private range LOCAL_OK = no +# Whether a remote peer can access the statistics page +REMOTE_STATS = yes + # Unload the packages cache after an interval of inactivity this long. # The packages cache uses a lot of memory, and only takes a few seconds # to reload when a new request arrives. diff --git a/apt_p2p/HTTPServer.py b/apt_p2p/HTTPServer.py index b5dec02..1d1af48 100644 --- a/apt_p2p/HTTPServer.py +++ b/apt_p2p/HTTPServer.py 
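Review bot: `REMOTE_STATS = yes` makes the statistics page reachable by remote peers by default, whereas the lines this commit removes from apt_p2p/HTTPServer.py rejected every request not coming from 127.0.0.1 before anything was rendered. An upgraded install therefore becomes more exposed without the operator opting in. Consider shipping `REMOTE_STATS = no` here and `'REMOTE_STATS': 'no',` in DEFAULTS in apt_p2p/apt_p2p_conf.py, with the "(Default is True)" text in debian/apt-p2p.conf.sgml adjusted to match; the test.py template can keep `yes`. What the page actually discloses is not visible in this patch, so if the open default is intended, a comment next to the option saying what remote peers can see would help operators decide.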
@@ -264,20 +264,27 @@ class TopLevel(resource.Resource): else: log.msg('Hash could not be found in database: %r' % hash) - # Only local requests (apt) get past this point - if request.remoteAddr.host != "127.0.0.1": - log.msg('Blocked illegal access to %s from %s' % (request.uri, request.remoteAddr)) - return None, () - - # Block access to index .diff files (for now) - if 'Packages.diff' in segments or 'Sources.diff' in segments: - return None, () - if len(name) > 1: # It's a request from apt + + # Only local requests (apt) get past this point + if request.remoteAddr.host != "127.0.0.1": + log.msg('Blocked illegal access to %s from %s' % (request.uri, request.remoteAddr)) + return None, () + + # Block access to index .diff files (for now) + if 'Packages.diff' in segments or 'Sources.diff' in segments or name == 'favicon.ico': + return None, () + return FileDownloader(self.directory.path, self.manager), segments[0:] else: # Will render the statistics page + + # Only local requests for stats are allowed + if not config.getboolean('DEFAULT', 'REMOTE_STATS') and request.remoteAddr.host != "127.0.0.1": + log.msg('Blocked illegal access to %s from %s' % (request.uri, request.remoteAddr)) + return None, () + return self, () log.msg('Got a malformed request for "%s" from %s' % (request.uri, request.remoteAddr)) diff --git a/apt_p2p/apt_p2p_conf.py b/apt_p2p/apt_p2p_conf.py index 20ba412..e4f0bf9 100644 --- a/apt_p2p/apt_p2p_conf.py +++ b/apt_p2p/apt_p2p_conf.py @@ -61,6 +61,9 @@ DEFAULTS = { # Whether it's OK to use an IP address from a known local/private range 'LOCAL_OK': 'no', + # Whether a remote peer can access the statistics page + 'REMOTE_STATS': 'yes', + # Unload the packages cache after an interval of inactivity this long. # The packages cache uses a lot of memory, and only takes a few seconds # to reload when a new request arrives. diff --git a/debian/apt-p2p.conf.sgml b/debian/apt-p2p.conf.sgml index bbd1208..f73d85b 100644 --- a/debian/apt-p2p.conf.sgml 
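Review bot: Two comments in the new branches no longer match the code: `# Only local requests for stats are allowed` sits above a check that admits remote peers whenever REMOTE_STATS is on, and `# Block access to index .diff files (for now)` now also covers `favicon.ico`; suggested wording is `# Remote stats requests are allowed only when REMOTE_STATS is enabled` and `# Block index .diff files (for now) and favicon.ico`. The loopback test `request.remoteAddr.host != "127.0.0.1"` is now duplicated in both branches, so computing it once before `if len(name) > 1:` would keep the two gates from drifting apart. This is the only hunk for HTTPServer.py and it adds no import, so `config` has to be in scope in this module already; worth confirming, since otherwise the stats branch would raise NameError. A remote request that is allowed through to the statistics page is not logged, which an operator auditing exposure may want. The enclosing method starts and ends outside the hunk.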
+++ b/debian/apt-p2p.conf.sgml @@ -133,6 +133,13 @@ (Default is false) + + + + Whether a remote peer can access the statistics page. + (Default is True) + + diff --git a/test.py b/test.py index d4df4e7..ec64de2 100755 --- a/test.py +++ b/test.py @@ -360,6 +360,9 @@ CACHE_DIR = %(CACHE_DIR)s # Whether it's OK to use an IP addres from a known local/private range LOCAL_OK = yes +# Whether a remote peer can access the statistics page +REMOTE_STATS = yes + # Unload the packages cache after an interval of inactivity this long. # The packages cache uses a lot of memory, and only takes a few seconds # to reload when a new request arrives. -- 2.30.2