allows <badReferrers>
<host>http://toto</host> <host>http://tata</host> </badReferrers> in configuration files; those referrers will get a 403 (special dedicace to http://bockvan.blogspot.com/ and http://jpalanco.blogspot.com/)
This commit is contained in:
parent
e5cda5cc10
commit
951697e0ee
|
@ -236,6 +236,13 @@ class AbstractStation(object):
|
|||
location = nodes[0].content.strip()
|
||||
return nodesOwner.convertRelativeLocationToAbsolutePath(location)
|
||||
|
||||
def convertNodesToList(self, nodes, nodesOwner, xpath, default = "none"):
|
||||
if not nodes:
|
||||
if default == "none":
|
||||
raise KeyError(xpath)
|
||||
return default
|
||||
return [x.content for x in nodes]
|
||||
|
||||
def convertNodesToPythonClass(self, nodes, nodesOwner, xpath, default = "none"):
|
||||
if not nodes:
|
||||
if default == "none":
|
||||
|
@ -576,6 +583,11 @@ class AbstractStation(object):
|
|||
xpath, ignoreGeneralValue = ignoreGeneralValue)
|
||||
return bool(nodes)
|
||||
|
||||
def getConfigList(self, xpath, default = "none", ignoreGeneralValue = False):
|
||||
nodes, nodesOwner = self.getConfigNodesAndOwner(
|
||||
xpath, ignoreGeneralValue = ignoreGeneralValue)
|
||||
return self.convertNodesToList(nodes, nodesOwner, xpath, default = default)
|
||||
|
||||
def getConfigNodesAndOwner(self, xpath, ignoreGeneralValue = False):
|
||||
assert not ignoreGeneralValue
|
||||
return self.getConfigStationNodesAndOwner(xpath)
|
||||
|
@ -946,6 +958,13 @@ class AbstractStation(object):
|
|||
uriPathFragments = contentUriPathFragments
|
||||
# There is no content. The walk is finished (at least, it seems so) => call the default
|
||||
# function.
|
||||
|
||||
# but first we may want to forbid a few referrers
|
||||
bad_referrers = self.getConfigList("yep:badReferrers/yep:host", default = [])
|
||||
if environs.getVar("httpRequestHandler").headers.get("Referer", "") in bad_referrers:
|
||||
return environs.getVar("httpRequestHandler").outputErrorAccessForbidden(
|
||||
self.getUriAbsolutePath())
|
||||
|
||||
try:
|
||||
if command is None:
|
||||
function = self.doHttpAccess
|
||||
|
@ -967,6 +986,7 @@ class AbstractStation(object):
|
|||
raise Exception('Unknown HTTP command "%s"' % command)
|
||||
except AttributeError:
|
||||
function = None
|
||||
|
||||
logs.info('%s%s()' % (" " * stations._depth, function.__name__))
|
||||
r = self.walkToFunction(function, uriPathFragments, command, instruction)
|
||||
stations._depth -= 1
|
||||
|
|
Reference in New Issue