::arg().set("webserver-address","IP Address of webserver to listen on")="127.0.0.1";
::arg().set("webserver-port","Port of webserver to listen on")="8081";
::arg().set("webserver-password","Password required for accessing the webserver")="";
+ ::arg().set("webserver-allow-from","Webserver access is only allowed from these subnets")="0.0.0.0/0,::/0";
::arg().setSwitch("out-of-zone-additional-processing","Do out of zone additional processing")="yes";
::arg().setSwitch("do-ipv6-additional-processing", "Do AAAA additional processing")="yes";
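Review bot: The default registered for `webserver-allow-from` on the added line is `0.0.0.0/0,::/0`, so the new ACL admits every peer until an operator narrows it, and the neighbouring `webserver-password` default is the empty string. The `127.0.0.1` default for `webserver-address` limits exposure out of the box, but anyone who changes the listen address gets no filtering unless they also set this option. I would say so in the help text, e.g. `"Webserver access is only allowed from these subnets (default allows all; restrict when webserver-address is not loopback)"`, or consider a loopback-only default such as `127.0.0.1,::1` if compatibility allows. The same default is registered for the recursor in the later hunk.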
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>webserver-allow-from</term>
+ <listitem>
+ <para>
+ Webserver access is only allowed from these subnets
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</sect3>
<sect3><title>Removed options</title>
#
# webserver-address=127.0.0.1
+#################################
+# webserver-allow-from Webserver access is only allowed from these subnets
+#
+# webserver-allow-from=0.0.0.0/0,::/0
+
#################################
# webserver-password Password required for accessing the webserver
#
::arg().set("experimental-webserver-address", "IP Address of webserver to listen on") = "127.0.0.1";
::arg().set("experimental-webserver-port", "Port of webserver to listen on") = "8082";
::arg().set("experimental-webserver-password", "Password required for accessing the webserver") = "";
+ ::arg().set("webserver-allow-from","Webserver access is only allowed from these subnets")="0.0.0.0/0,::/0";
::arg().set("experimental-api-config-dir", "Directory where REST API stores config and zones") = "";
::arg().set("carbon-ourname", "If set, overrides our reported hostname for carbon stats")="";
::arg().set("carbon-server", "If set, send metrics in carbon (graphite) format to this server")="";
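Review bot: The added option is registered as `webserver-allow-from`, while the other webserver settings in this hunk all carry the `experimental-` prefix, so an operator who writes `experimental-webserver-allow-from` by analogy will not be setting this ACL. The accept loop in the webserver hunk reads `::arg()["webserver-allow-from"]`, which suggests the unprefixed name is deliberate for code shared by both daemons. A comment above the line would record that, for example `// not prefixed with experimental-: the shared WebServer code reads this exact name`.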
return new Socket(s);
}
+ //! Check remote address aganst netmaskgroup ng
+ bool acl(NetmaskGroup &ng)
+ {
+ ComboAddress remote;
+ socklen_t remotelen=sizeof(remote);
+ if(getpeername(d_socket, (struct sockaddr *)&remote, &remotelen) >= 0)
+ return ng.match((ComboAddress *) &remote);
+
+ return false;
+ }
+
//! Set the socket to non-blocking
void setNonBlocking()
{
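Review bot: The doc comment on `acl()` misspells "against" and does not record the one behaviour a caller relies on, namely that a failed `getpeername()` returns `false` and so denies the connection; I would write `//! Check remote address against netmaskgroup ng; returns false (deny) if the peer address cannot be determined`. The cast in `ng.match((ComboAddress *) &remote)` is redundant because `remote` is already a `ComboAddress`, so `ng.match(&remote)` says the same thing without a C-style cast. It is also worth confirming how `NetmaskGroup` treats IPv4-mapped peers: if the listener is ever a dual-stack IPv6 socket, an IPv4 client may be reported as `::ffff:a.b.c.d`, and I would not assume an IPv4 mask in the list matches that form. The hunk ends inside `setNonBlocking()`, whose body is outside it.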
#include "dns.hh"
#include "base64.hh"
#include "json.hh"
+#include "arguments.hh"
#include <yahttp/router.hpp>
struct connectionThreadData {
try {
pthread_t tid;
+ NetmaskGroup acl;
+ acl.toMasks(::arg()["webserver-allow-from"]);
+
while(true) {
// data and data->client will be freed by thread
connectionThreadData *data = new connectionThreadData;
data->webServer = this;
data->client = d_server->accept();
- pthread_create(&tid, 0, &WebServerConnectionThreadStart, (void *)data);
+ if (data->client->acl(acl)) {
+ pthread_create(&tid, 0, &WebServerConnectionThreadStart, (void *)data);
+ } else {
+ delete data->client; // close socket
+ delete data;
+ }
}
}
+ catch(PDNSException &e) {
+ L<<Logger::Error<<"PDNSException in main webserver thread: "<<e.reason<<endl;
+ }
catch(std::exception &e) {
L<<Logger::Error<<"STL Exception in main webserver thread: "<<e.what()<<endl;
}
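Review bot: A connection refused by the ACL in the `else` branch is closed without any log line, so probing of the webserver from outside the allowed subnets leaves no trace for an operator to detect. The accepted branch also ignores the result of `pthread_create`, so on failure `data` and `data->client` are never freed, and `data->client->acl(acl)` dereferences the result of `accept()` without a null check, which matters if `accept()` can return a null pointer (its body is not in this hunk). The sketch below funnels every non-accepted outcome into one cleanup path and logs the rejection; logging the peer address would need `acl()` to hand it back, and a busy scanner could make this line noisy, so a rate limit may be wanted. The `try` block and the function around the loop begin outside the hunk.

```cpp
data->client = d_server->accept();
if (data->client && data->client->acl(acl)) {
  if (pthread_create(&tid, 0, &WebServerConnectionThreadStart, (void *)data) == 0)
    continue; // the connection thread now owns data and data->client
  L<<Logger::Error<<"Unable to start webserver connection thread"<<endl;
} else if (data->client) {
  L<<Logger::Warning<<"Webserver connection rejected by webserver-allow-from"<<endl;
}
delete data->client; // close socket; deleting a null pointer is a no-op
delete data;
// … unchanged: end of while loop and the catch handlers …
```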