Support checking banned IPs from external server proxied requests

2024-11-24 19:25:15 +01:00 · 2011-12-03 05:31:37 +08:00 · 2011-12-03 05:31:37 +08:00 · 8f6982265a
commit 8f6982265a
parent 82318346c2
3 changed files with 35 additions and 28 deletions
--- a/src/main/java/org/dynmap/DynmapPlugin.java
+++ b/src/main/java/org/dynmap/DynmapPlugin.java
@ -372,7 +372,7 @@ public class DynmapPlugin extends JavaPlugin implements DynmapAPI {
        	Log.verboseinfo("Web server is permitting symbolic links");
        else
        	Log.verboseinfo("Web server is not permitting symbolic links");        	
-        webServer = new HttpServer(bindAddress, port, checkbannedips, maxconnections);
+        webServer = new HttpServer(bindAddress, port, checkbannedips, maxconnections, this);
        webServer.handlers.put("/", new FilesystemHandler(getFile(configuration.getString("webpath", "web")), allow_symlinks));
        webServer.handlers.put("/tiles/", new FilesystemHandler(tilesDirectory, allow_symlinks));
        webServer.handlers.put("/up/configuration", new ClientConfigurationHandler(this));
--- a/src/main/java/org/dynmap/web/HttpServer.java
+++ b/src/main/java/org/dynmap/web/HttpServer.java
@ -18,6 +18,7 @@ import java.util.SortedMap;
 import java.util.TreeMap;
 import java.util.logging.Logger;

+import org.bukkit.plugin.Plugin;
 import org.dynmap.Log;

 public class HttpServer extends Thread {
@ -36,13 +37,15 @@ public class HttpServer extends Thread {
    private Object lock = new Object();
    private HashSet<HttpServerConnection> active_connections = new HashSet<HttpServerConnection>();
    private HashSet<HttpServerConnection> keepalive_connections = new HashSet<HttpServerConnection>();
+    private Plugin plugin;
    private static Map<String, String> headers = new HashMap<String,String>();

-    public HttpServer(InetAddress bindAddress, int port, boolean check_banned_ips, int max_sessions) {
+    public HttpServer(InetAddress bindAddress, int port, boolean check_banned_ips, int max_sessions, Plugin plg) {
        this.bindAddress = bindAddress;
        this.port = port;
        this.check_banned_ips = check_banned_ips;
        this.max_sessions = max_sessions;
+        this.plugin = plg;
    }

    public InetAddress getAddress() {
@ -142,33 +145,9 @@ public class HttpServer extends Thread {
    private void loadBannedIPs() {
    	banned_ips.clear();
    	banned_ips_notified.clear();
-    	File f = new File("banned-ips.txt");
-    	if(f.exists() == false)
-    		return;
-    	if(f.lastModified() == lastmod) {
-    		return;
-    	}
-    	lastmod = f.lastModified();
-    	BufferedReader rdr = null;
-    	try {
-    		rdr = new BufferedReader(new FileReader(f));
-    		String line;
-    		while((line = rdr.readLine()) != null) {
-    			line = line.trim().toLowerCase();	/* Trim it and case normalize it */
-    			if((line.length() == 0) || (line.charAt(0) == '#')) {	/* Blank or comment? */
-    				continue;
-    			}
-    			banned_ips.add(line);
-    		}
-    	} catch (IOException iox) {
-    		Log.severe("Error reading banned-ips.txt!");
-    	} finally {
-    		if(rdr != null) {
-    			try { rdr.close(); } catch (IOException iox) {}
-    			rdr = null;
-    		}
-    	}
+    	banned_ips.addAll(plugin.getServer().getIPBans());
    }
+    
    /* Return true if address is banned */
    public boolean checkForBannedIp(SocketAddress socketAddress) {
    	if(!check_banned_ips)
@ -192,6 +171,26 @@ public class HttpServer extends Thread {
    	}
    	return false;
    }
+    /* Return true if address is banned */
+    public boolean checkForBannedIp(String ipaddr) {
+        if(!check_banned_ips)
+            return false;
+        
+        long t = System.currentTimeMillis();
+        if((t < last_loaded) || ((t-last_loaded) > BANNED_RELOAD_INTERVAL)) {
+            loadBannedIPs();
+            last_loaded = t;
+        }
+        if(banned_ips.contains(ipaddr)) {
+            if(banned_ips_notified.contains(ipaddr) == false) {
+                Log.info("Rejected connection by banned IP address - " + ipaddr);
+                banned_ips_notified.add(ipaddr);
+            }
+            return true;
+        }
+        return false;
+    }
+
    public static Map<String,String> getCustomHeaders() {
        return headers;
    }
--- a/src/main/java/org/dynmap/web/HttpServerConnection.java
+++ b/src/main/java/org/dynmap/web/HttpServerConnection.java
@ -147,6 +147,14 @@ public class HttpServerConnection extends Thread {
                if (!readRequestHeader(in, request)) {
                    return;
                }
+                String fwd_for = request.fields.get("X-Forwarded-For");
+                if(fwd_for != null) {
+                    String[] ff = fwd_for.split(",");
+                    for(int i = 0; i < ff.length; i++) {
+                        if(server.checkForBannedIp(ff[i]))
+                            return;
+                    }
+                }

                long bound = -1;
                BoundInputStream boundBody = null;