Fixed bugs in the blacklist logic. master
authorplugd <plugd@thelambdalab.xyz>
Thu, 10 Feb 2022 11:38:09 +0000 (12:38 +0100)
committerplugd <plugd@thelambdalab.xyz>
Thu, 10 Feb 2022 11:38:09 +0000 (12:38 +0100)
rags.scm

index f5da596..febfd82 100644 (file)
--- a/rags.scm
+++ b/rags.scm
          "Port: '" (config-port config) "'\n"
          "Root directory: '" (config-root-dir config) "'\n"
          "Cert file: '" (config-certfile config) "'\n"
-         "Key file: '" (config-keyfile config) "'\n")
+         "Key file: '" (config-keyfile config) "'")
+
+  (if (config-blacklist config)
+      (print "Blacklist file: '" (config-blacklist config) "'"))
+  (if (config-blacklist-resp config)
+      (print "Blacklist responce file: '" (config-blacklist-resp config) "'"))
+
+  (print)
 
   (print* "Dropping privilages ... ")
   (drop-privs config)
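Review bot: The two new `print` calls only echo the configured blacklist paths; neither file is opened before `(drop-privs config)` runs. A path that is missing, or unreadable for the unprivileged user, would therefore first surface as a per-connection error rather than at startup (assuming connections are handled after the drop, which this hunk does not show). Opening and parsing the blacklist once here, inside the `(if (config-blacklist config) ...)` arm, would make a bad path fail loudly before the server accepts anything. Minor style points: the log string spells it `responce`, and the one-armed `if` forms could be `when`, which the connection handler already uses.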
       (print "Accepted connection from " remote-ip
              " on " (seconds->string))
       (condition-case
-          (if (or (config-blacklist config)
-                  (not (member remote-ip
-                               (with-input-from-file
-                                   (config-blacklist config)))))
-              (let ((request-line (read-line in-port)))
-                (print* "Serving request '" request-line "' ... ")
-                (with-output-to-port out-port
-                  (lambda ()
-                    (process-request config request-line)))
-                (print "done."))
+          (if (and (config-blacklist config)
+                   (member remote-ip
+                           (with-input-from-file
+                               (config-blacklist config)
+                             read)))
               (begin
                 (print "Connection from blacklisted IP. Closing.")
                 (with-output-to-port out-port
                   (lambda ()
-                    (print* "Refusing to serve to IP " remote-ip ".\n")
+                    (serve-document-header (ext->mime "txt"))
+                    (print "Refusing to serve to IP " remote-ip ".\n")
                     (when (config-blacklist-resp config)
+                      (print)
                       (for-each print
                                 (with-input-from-file
                                     (config-blacklist-resp config)
-                                  read-lines)))))))
+                                  read-lines))))))
+              (let ((request-line (read-line in-port)))
+                (print* "Serving request '" request-line "' ... ")
+                (with-output-to-port out-port
+                  (lambda ()
+                    (process-request config request-line)))
+                (print "done.")))
         (o (exn)
            (print-error-message o))))
     (close-input-port in-port)
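Review bot: The blacklist is parsed with `read`, which returns only the first datum in the file, so `(member remote-ip ...)` can match only when the file holds a single list of double-quoted strings. If the file instead holds a list of unquoted addresses, they are read as symbols and never compare equal to `remote-ip` (presumably a string), so the block silently does nothing. A plain one-address-per-line file makes `read` return a non-list, which most likely raises inside `member` and sends every connection to the `exn` handler. The response file is already read with `read-lines`, so `(with-input-from-file (config-blacklist config) read-lines)` would make both files plain text and fit the usage text's "list of IP addresses"; whichever format is kept should be stated in that usage text. The enclosing handler starts and ends outside this hunk.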
     (print "Usage:\n"
            progname " [-h/--help]\n"
            progname " [-p/--port PORT] [-u/--user UID] [-g/--group GID]\n"
-           indent-str " server-root-dir hostname certfile keyfile")))
+           indent-str " [-b/--blacklist FILE] [-r/--blacklist-resp RESPFILE]\n"
+           indent-str " server-root-dir hostname certfile keyfile\n"
+           "\n"
+           "The -b option can be used to specify a FILE containing a list of IP addresses\n"
+           "to block from the server. If a connection from a blocked address is served,\n"
+           "the response file RESPFILE is served instead, if this is provided.")))
 
 (define (main)
   (let* ((progname (pathname-file (car (argv))))