mirror of
https://github.com/webbukkit/dynmap.git
synced 2024-11-28 13:15:30 +01:00
Add support for enforcing banned-ips.txt on internal web server
This commit is contained in:
parent
0e6dfc1adf
commit
e613fb14d7
@ -138,6 +138,8 @@ quitmessage: "%playername% quit"
|
|||||||
spammessage: "You may only chat once every %interval% seconds."
|
spammessage: "You may only chat once every %interval% seconds."
|
||||||
webprefix: "§2[WEB] "
|
webprefix: "§2[WEB] "
|
||||||
websuffix: "§f"
|
websuffix: "§f"
|
||||||
|
# Enable checking for banned IPs via banned-ips.txt (internal web server only)
|
||||||
|
check-banned-ips: true
|
||||||
|
|
||||||
defaultzoom: 0
|
defaultzoom: 0
|
||||||
defaultworld: world
|
defaultworld: world
|
||||||
|
@ -274,11 +274,12 @@ public class DynmapPlugin extends JavaPlugin {
|
|||||||
}
|
}
|
||||||
int port = configuration.getInteger("webserver-port", 8123);
|
int port = configuration.getInteger("webserver-port", 8123);
|
||||||
boolean allow_symlinks = configuration.getBoolean("allow-symlinks", false);
|
boolean allow_symlinks = configuration.getBoolean("allow-symlinks", false);
|
||||||
|
boolean checkbannedips = configuration.getBoolean("check-banned-ips", true);
|
||||||
if(allow_symlinks)
|
if(allow_symlinks)
|
||||||
Log.verboseinfo("Web server is permitting symbolic links");
|
Log.verboseinfo("Web server is permitting symbolic links");
|
||||||
else
|
else
|
||||||
Log.verboseinfo("Web server is not permitting symbolic links");
|
Log.verboseinfo("Web server is not permitting symbolic links");
|
||||||
webServer = new HttpServer(bindAddress, port);
|
webServer = new HttpServer(bindAddress, port, checkbannedips);
|
||||||
webServer.handlers.put("/", new FilesystemHandler(getFile(configuration.getString("webpath", "web")), allow_symlinks));
|
webServer.handlers.put("/", new FilesystemHandler(getFile(configuration.getString("webpath", "web")), allow_symlinks));
|
||||||
webServer.handlers.put("/tiles/", new FilesystemHandler(tilesDirectory, allow_symlinks));
|
webServer.handlers.put("/tiles/", new FilesystemHandler(tilesDirectory, allow_symlinks));
|
||||||
webServer.handlers.put("/up/configuration", new ClientConfigurationHandler(this));
|
webServer.handlers.put("/up/configuration", new ClientConfigurationHandler(this));
|
||||||
|
@ -1,10 +1,16 @@
|
|||||||
package org.dynmap.web;
|
package org.dynmap.web;
|
||||||
|
|
||||||
|
import java.io.BufferedReader;
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.FileReader;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
|
import java.net.InetSocketAddress;
|
||||||
import java.net.ServerSocket;
|
import java.net.ServerSocket;
|
||||||
import java.net.Socket;
|
import java.net.Socket;
|
||||||
|
import java.net.SocketAddress;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
import java.util.HashSet;
|
||||||
import java.util.SortedMap;
|
import java.util.SortedMap;
|
||||||
import java.util.TreeMap;
|
import java.util.TreeMap;
|
||||||
import java.util.logging.Logger;
|
import java.util.logging.Logger;
|
||||||
@ -13,19 +19,20 @@ import org.dynmap.Log;
|
|||||||
|
|
||||||
public class HttpServer extends Thread {
|
public class HttpServer extends Thread {
|
||||||
protected static final Logger log = Logger.getLogger("Minecraft");
|
protected static final Logger log = Logger.getLogger("Minecraft");
|
||||||
protected static final String LOG_PREFIX = "[dynmap] ";
|
|
||||||
|
|
||||||
private ServerSocket sock = null;
|
private ServerSocket sock = null;
|
||||||
private Thread listeningThread;
|
private Thread listeningThread;
|
||||||
|
|
||||||
private InetAddress bindAddress;
|
private InetAddress bindAddress;
|
||||||
private int port;
|
private int port;
|
||||||
|
private boolean check_banned_ips;
|
||||||
|
|
||||||
public SortedMap<String, HttpHandler> handlers = new TreeMap<String, HttpHandler>(Collections.reverseOrder());
|
public SortedMap<String, HttpHandler> handlers = new TreeMap<String, HttpHandler>(Collections.reverseOrder());
|
||||||
|
|
||||||
public HttpServer(InetAddress bindAddress, int port) {
|
public HttpServer(InetAddress bindAddress, int port, boolean check_banned_ips) {
|
||||||
this.bindAddress = bindAddress;
|
this.bindAddress = bindAddress;
|
||||||
this.port = port;
|
this.port = port;
|
||||||
|
this.check_banned_ips = check_banned_ips;
|
||||||
}
|
}
|
||||||
|
|
||||||
public InetAddress getAddress() {
|
public InetAddress getAddress() {
|
||||||
@ -49,6 +56,11 @@ public class HttpServer extends Thread {
|
|||||||
while (listeningThread == Thread.currentThread()) {
|
while (listeningThread == Thread.currentThread()) {
|
||||||
try {
|
try {
|
||||||
Socket socket = s.accept();
|
Socket socket = s.accept();
|
||||||
|
if(checkForBannedIp(socket.getRemoteSocketAddress())) {
|
||||||
|
try { socket.close(); } catch (IOException iox) {}
|
||||||
|
socket = null;
|
||||||
|
}
|
||||||
|
|
||||||
HttpServerConnection requestThread = new HttpServerConnection(socket, this);
|
HttpServerConnection requestThread = new HttpServerConnection(socket, this);
|
||||||
requestThread.start();
|
requestThread.start();
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
@ -75,4 +87,64 @@ public class HttpServer extends Thread {
|
|||||||
Log.warning("Exception while closing socket for webserver shutdown", e);
|
Log.warning("Exception while closing socket for webserver shutdown", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private HashSet<String> banned_ips = new HashSet<String>();
|
||||||
|
private HashSet<String> banned_ips_notified = new HashSet<String>();
|
||||||
|
private long last_loaded = 0;
|
||||||
|
private long lastmod = 0;
|
||||||
|
private static final long BANNED_RELOAD_INTERVAL = 15000; /* Every 15 seconds */
|
||||||
|
|
||||||
|
private void loadBannedIPs() {
|
||||||
|
banned_ips.clear();
|
||||||
|
banned_ips_notified.clear();
|
||||||
|
File f = new File("banned-ips.txt");
|
||||||
|
if(f.exists() == false)
|
||||||
|
return;
|
||||||
|
if(f.lastModified() == lastmod) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
lastmod = f.lastModified();
|
||||||
|
BufferedReader rdr = null;
|
||||||
|
try {
|
||||||
|
rdr = new BufferedReader(new FileReader(f));
|
||||||
|
String line;
|
||||||
|
while((line = rdr.readLine()) != null) {
|
||||||
|
line = line.trim().toLowerCase(); /* Trim it and case normalize it */
|
||||||
|
if((line.length() == 0) || (line.charAt(0) == '#')) { /* Blank or comment? */
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
banned_ips.add(line);
|
||||||
|
}
|
||||||
|
} catch (IOException iox) {
|
||||||
|
Log.severe("Error reading banned-ips.txt!");
|
||||||
|
} finally {
|
||||||
|
if(rdr != null) {
|
||||||
|
try { rdr.close(); } catch (IOException iox) {}
|
||||||
|
rdr = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* Return true if address is banned */
|
||||||
|
public boolean checkForBannedIp(SocketAddress socketAddress) {
|
||||||
|
if(!check_banned_ips)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
long t = System.currentTimeMillis();
|
||||||
|
if((t < last_loaded) || ((t-last_loaded) > BANNED_RELOAD_INTERVAL)) {
|
||||||
|
loadBannedIPs();
|
||||||
|
last_loaded = t;
|
||||||
|
}
|
||||||
|
/* Follow same technique as MC uses - toString the SocketAddress and clip out string between "/" and ":" */
|
||||||
|
String ip = socketAddress.toString();
|
||||||
|
ip = ip.substring(ip.indexOf("/") + 1);
|
||||||
|
ip = ip.substring(0, ip.indexOf(":"));
|
||||||
|
if(banned_ips.contains(ip)) {
|
||||||
|
if(banned_ips_notified.contains(ip) == false) {
|
||||||
|
Log.info("Rejected connection by banned IP address - " + socketAddress.toString());
|
||||||
|
banned_ips_notified.add(ip);
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -115,7 +115,7 @@ public class HttpServerConnection extends Thread {
|
|||||||
public final void writeResponseHeader(HttpResponse response) throws IOException {
|
public final void writeResponseHeader(HttpResponse response) throws IOException {
|
||||||
writeResponseHeader(printOut, response);
|
writeResponseHeader(printOut, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void run() {
|
public void run() {
|
||||||
try {
|
try {
|
||||||
if (socket == null)
|
if (socket == null)
|
||||||
@ -128,6 +128,11 @@ public class HttpServerConnection extends Thread {
|
|||||||
|
|
||||||
printOut = new PrintStream(out, false);
|
printOut = new PrintStream(out, false);
|
||||||
while (true) {
|
while (true) {
|
||||||
|
/* Check for start of each request - kicks out persistent connections */
|
||||||
|
if(server.checkForBannedIp(rmtaddr)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
HttpRequest request = new HttpRequest();
|
HttpRequest request = new HttpRequest();
|
||||||
request.rmtaddr = rmtaddr;
|
request.rmtaddr = rmtaddr;
|
||||||
if (!readRequestHeader(in, request)) {
|
if (!readRequestHeader(in, request)) {
|
||||||
|
Loading…
Reference in New Issue
Block a user