allows <badReferrers>

<host>http://toto</host>
  <host>http://tata</host>
</badReferrers> in configuration files; those referrers will get a 403
(special dedicace to http://bockvan.blogspot.com/ and http://jpalanco.blogspot.com/)
This commit is contained in:
fpeters 2005-01-28 00:20:12 +00:00
parent e5cda5cc10
commit 951697e0ee
1 changed files with 20 additions and 0 deletions

View File

@ -236,6 +236,13 @@ class AbstractStation(object):
location = nodes[0].content.strip()
return nodesOwner.convertRelativeLocationToAbsolutePath(location)
def convertNodesToList(self, nodes, nodesOwner, xpath, default = "none"):
if not nodes:
if default == "none":
raise KeyError(xpath)
return default
return [x.content for x in nodes]
def convertNodesToPythonClass(self, nodes, nodesOwner, xpath, default = "none"):
if not nodes:
if default == "none":
@ -576,6 +583,11 @@ class AbstractStation(object):
xpath, ignoreGeneralValue = ignoreGeneralValue)
return bool(nodes)
def getConfigList(self, xpath, default = "none", ignoreGeneralValue = False):
nodes, nodesOwner = self.getConfigNodesAndOwner(
xpath, ignoreGeneralValue = ignoreGeneralValue)
return self.convertNodesToList(nodes, nodesOwner, xpath, default = default)
def getConfigNodesAndOwner(self, xpath, ignoreGeneralValue = False):
assert not ignoreGeneralValue
return self.getConfigStationNodesAndOwner(xpath)
@ -946,6 +958,13 @@ class AbstractStation(object):
uriPathFragments = contentUriPathFragments
# There is no content. The walk is finished (at least, it seems so) => call the default
# function.
# but first we may want to forbid a few referrers
bad_referrers = self.getConfigList("yep:badReferrers/yep:host", default = [])
if environs.getVar("httpRequestHandler").headers.get("Referer", "") in bad_referrers:
return environs.getVar("httpRequestHandler").outputErrorAccessForbidden(
self.getUriAbsolutePath())
try:
if command is None:
function = self.doHttpAccess
@ -967,6 +986,7 @@ class AbstractStation(object):
raise Exception('Unknown HTTP command "%s"' % command)
except AttributeError:
function = None
logs.info('%s%s()' % (" " * stations._depth, function.__name__))
r = self.walkToFunction(function, uriPathFragments, command, instruction)
stations._depth -= 1