From: plugd
Date: Thu, 10 Feb 2022 11:38:09 +0000 (+0100)
Subject: Fixed bugs in the blacklist logic.
X-Git-Url: https://thelambdalab.xyz/gitweb/index.cgi?a=commitdiff_plain;h=007e8abcbc7dcfc2a292188c617f3c98c4e034ba;p=rags.git
Fixed bugs in the blacklist logic.
---
diff --git a/rags.scm b/rags.scm
index f5da596..febfd82 100644
--- a/rags.scm
+++ b/rags.scm
@@ -194,7 +194,14 @@
 "Port: '" (config-port config) "'\n" "Root directory: '" (config-root-dir config) "'\n" "Cert file: '" (config-certfile config) "'\n"
- "Key file: '" (config-keyfile config) "'\n")
+ "Key file: '" (config-keyfile config) "'")
+
+ (if (config-blacklist config)
+ (print "Blacklist file: '" (config-blacklist config) "'"))
+ (if (config-blacklist-resp config)
+ (print "Blacklist responce file: '" (config-blacklist-resp config) "'"))
+
+ (print)
 (print* "Dropping privilages ... ") (drop-privs config)
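Review bot: The two blacklist paths are only printed here, before `drop-privs`, while the files themselves appear to be opened per connection in the accept path (the next hunk), so presumably after privileges have been dropped. A file readable only by the starting user would then fail on every connection instead of at startup. A startup readability check, or at least a comment such as `;; blacklist files are re-read per connection and must be readable by the unprivileged user`, would make that requirement explicit. The new label also misspells `response` as `responce`, and the two one-armed `if`s could be `when`, as the accept path already uses. The enclosing function starts and ends outside the hunk.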
@@ -235,26 +242,29 @@
 (print "Accepted connection from " remote-ip " on " (seconds->string)) (condition-case
- (if (or (config-blacklist config)
- (not (member remote-ip
- (with-input-from-file
- (config-blacklist config)))))
- (let ((request-line (read-line in-port)))
- (print* "Serving request '" request-line "' ... ")
- (with-output-to-port out-port
- (lambda ()
- (process-request config request-line)))
- (print "done."))
+ (if (and (config-blacklist config)
+ (member remote-ip
+ (with-input-from-file
+ (config-blacklist config)
+ read)))
 (begin (print "Connection from blacklisted IP. Closing.") (with-output-to-port out-port (lambda ()
- (print* "Refusing to serve to IP " remote-ip ".\n")
+ (serve-document-header (ext->mime "txt"))
+ (print "Refusing to serve to IP " remote-ip ".\n")
 (when (config-blacklist-resp config)
+ (print)
 (for-each print (with-input-from-file (config-blacklist-resp config)
- read-lines)))))))
+ read-lines))))))
+ (let ((request-line (read-line in-port)))
+ (print* "Serving request '" request-line "' ... ")
+ (with-output-to-port out-port
+ (lambda ()
+ (process-request config request-line)))
+ (print "done.")))
 (o (exn) (print-error-message o)))) (close-input-port in-port)
@@ -267,7 +277,12 @@
 (print "Usage:\n" progname " [-h/--help]\n" progname " [-p/--port PORT] [-u/--user UID] [-g/--group GID]\n"
- indent-str " server-root-dir hostname certfile keyfile")))
+ indent-str " [-b/--blacklist FILE] [-r/--blacklist-resp RESPFILE]\n"
+ indent-str " server-root-dir hostname certfile keyfile\n"
+ "\n"
+ "The -b option can be used to specify a FILE containing a list of IP addresses\n"
+ "to block from the server. If a connection from a blocked address is served,\n"
+ "the response file RESPFILE is served instead, if this is provided.")))
 (define (main) (let* ((progname (pathname-file (car (argv))))
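Review bot: The blacklist is parsed with `read`, which returns only the first S-expression in the file, so the `member` test in the new `if` works only when the file holds a single parenthesised list of quoted strings. A file with one address per line, which the usage text in the last hunk seems to describe, would likely make `member` raise on every connection; the `condition-case` handler catches that, so nobody is served. A list of unquoted addresses would presumably read as symbols that never equal `remote-ip`, so the blacklist would silently block nothing. Consider `read-lines` in place of `read`, matching how the response file is read just below, and state the expected format in the help text. The enclosing connection handler starts and ends outside the hunk.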
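Review bot: The added help text says RESPFILE is served "instead" when a blocked address "is served", but in the accept-path hunk the connection is refused and the file's lines are printed after the fixed `Refusing to serve to IP` line, not in place of it. Wording closer to the code would be `"to block from the server. Connections from a blocked address are refused,\n"` followed by `"and the contents of RESPFILE, if provided, are appended to the refusal."`. The enclosing usage procedure starts outside the hunk.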