More thorough check of host

main
Bob Mottram 2020-03-28 15:42:27 +00:00
parent 2f46c2b31f
commit c49f3846ad
1 changed files with 42 additions and 16 deletions


@ -937,17 +937,30 @@ class PubServer(BaseHTTPRequestHandler):
callingDomain=None callingDomain=None
if self.headers.get('Host'): if self.headers.get('Host'):
callingDomain=self.headers['Host'] callingDomain=self.headers['Host']
if self.server.onionDomain:
if callingDomain != self.server.domain and \
callingDomain != self.server.domainFull and \
callingDomain != self.server.onionDomain:
print('GET domain blocked: '+callingDomain)
self._400()
return
else:
if callingDomain != self.server.domain and \
callingDomain != self.server.domainFull:
print('GET domain blocked: '+callingDomain)
self._400()
return
if self.server.blocklistUpdateCtr<=0: #if self.server.blocklistUpdateCtr<=0:
self.server.blocklistUpdateCtr=self.server.blocklistUpdateInterval # self.server.blocklistUpdateCtr=self.server.blocklistUpdateInterval
self.server.domainBlocklist=getDomainBlocklist(self.server.baseDir) # self.server.domainBlocklist=getDomainBlocklist(self.server.baseDir)
self.server.blocklistUpdateCtr-=1 #self.server.blocklistUpdateCtr-=1
if callingDomain in self.server.domainBlocklist: #if callingDomain in self.server.domainBlocklist:
print('GET domain blocked: '+callingDomain) # print('GET domain blocked: '+callingDomain)
self._400() # self._400()
return # return
GETstartTime=time.time() GETstartTime=time.time()
GETtimings=[] GETtimings=[]
@ -4389,17 +4402,30 @@ class PubServer(BaseHTTPRequestHandler):
callingDomain=None callingDomain=None
if self.headers.get('Host'): if self.headers.get('Host'):
callingDomain=self.headers['Host'] callingDomain=self.headers['Host']
if self.server.onionDomain:
if callingDomain != self.server.domain and \
callingDomain != self.server.domainFull and \
callingDomain != self.server.onionDomain:
print('POST domain blocked: '+callingDomain)
self._400()
return
else:
if callingDomain != self.server.domain and \
callingDomain != self.server.domainFull:
print('POST domain blocked: '+callingDomain)
self._400()
return
if self.server.blocklistUpdateCtr<=0: #if self.server.blocklistUpdateCtr<=0:
self.server.blocklistUpdateCtr=self.server.blocklistUpdateInterval # self.server.blocklistUpdateCtr=self.server.blocklistUpdateInterval
self.server.domainBlocklist=getDomainBlocklist(self.server.baseDir) # self.server.domainBlocklist=getDomainBlocklist(self.server.baseDir)
self.server.blocklistUpdateCtr-=1 #self.server.blocklistUpdateCtr-=1
if callingDomain in self.server.domainBlocklist: #if callingDomain in self.server.domainBlocklist:
print('POST domain blocked: '+callingDomain) # print('POST domain blocked: '+callingDomain)
self._400() # self._400()
return # return
self.server.POSTbusy=True self.server.POSTbusy=True
if not self.headers.get('Content-type'): if not self.headers.get('Content-type'):
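Review bot: The new Host allowlist check in both hunks (the GET handler at -937 and the POST handler at -4389) concatenates `callingDomain` into the log message, but `callingDomain` is still `None` when the request has no Host header. Indentation is not visible on this page, so if the check sits outside the `if self.headers.get('Host'):` block, such a request would raise a TypeError in `print(...)` rather than get the intended 400. A guard ahead of the comparison, `if not callingDomain: self._400(); return`, makes the missing-header case fail closed either way. The Host value is client-controlled and is printed verbatim, so `print('GET domain blocked: ' + repr(callingDomain))` (and the POST equivalent) would keep control characters out of the log; the comparison is also case-sensitive, while host names are not, so lower-casing before comparing avoids rejecting legitimate requests. Both handler bodies start and end outside the hunks, and the check is duplicated between them along with the commented-out blocklist code, so one shared helper and deleting the dead lines would keep GET and POST from drifting apart.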