#include "ixfrdist-web.hh"
#include <thread>
#include "threadname.hh"
+#include "iputils.hh"
#include "ixfrdist-stats.hh"
string doGetStats();
-IXFRDistWebServer::IXFRDistWebServer(const ComboAddress &listenAddress) {
+IXFRDistWebServer::IXFRDistWebServer(const ComboAddress &listenAddress, const NetmaskGroup &acl) {
// TODO wrap in smart pointer
d_ws = new WebServer(listenAddress.toString() , listenAddress.getPort());
+ d_ws->setACL(acl);
d_ws->bind();
}
}
}
};
+
+template<>
+struct convert<Netmask> {
+ static Node encode(const Netmask& rhs) {
+ return Node(rhs.toString());
+ }
+ static bool decode(const Node& node, Netmask& rhs) {
+ if (!node.IsScalar()) {
+ return false;
+ }
+ try {
+ rhs = Netmask(node.as<string>());
+ return true;
+ } catch(const runtime_error &e) {
+ return false;
+ } catch (const PDNSException &e) {
+ return false;
+ }
+ }
+};
} // namespace YAML
struct ixfrdiff_t {
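Review bot: Both handlers in `convert<Netmask>::decode` discard the parser's message, so a malformed `webserver-acl` entry will most likely surface only as yaml-cpp's generic conversion error, with no hint why the netmask was rejected. For an access-control setting that makes a typo harder to diagnose than it needs to be. Since `e` is unused in both handlers, either write them as `catch (const runtime_error&)` and `catch (const PDNSException&)`, or use it to log the reason (`e.what()` and `e.reason` respectively) before returning false. A one-line comment above `decode` saying that returning false makes `as<Netmask>()` throw would also help the next reader.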
}
}
+ if (config["webserver-acl"]) {
+ try {
+ config["webserver-acl"].as<vector<Netmask>>();
+ }
+ catch (const runtime_error &e) {
+ g_log<<Logger::Error<<"Unable to read 'webserver-address' value: "<<e.what()<<endl;
+ retval = false;
+ }
+ }
+
return retval;
}
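Review bot: The error message in the new `webserver-acl` check names the wrong key: it reports `'webserver-address'`, so an operator with a bad ACL entry is pointed at a setting that is fine. The line should read `g_log<<Logger::Error<<"Unable to read 'webserver-acl' value: "<<e.what()<<endl;`. The enclosing validation function starts outside this hunk, so I cannot tell whether its other checks follow the same pattern.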
}
if (config["webserver-address"]) {
- auto ws = IXFRDistWebServer(config["webserver-address"].as<ComboAddress>());
+ NetmaskGroup wsACL;
+ wsACL.addMask("127.0.0.0/8");
+ wsACL.addMask("::1/128");
+
+ if (config["webserver-acl"]) {
+ wsACL.clear();
+ for (const auto &acl : config["webserver-acl"].as<vector<Netmask>>()) {
+ wsACL.addMask(acl);
+ }
+ }
+
+ auto ws = IXFRDistWebServer(config["webserver-address"].as<ComboAddress>(), wsACL);
ws.go();
}
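Review bot: When `webserver-acl` is present but empty, `wsACL.clear()` runs and the loop adds nothing, so the loopback default is dropped. Who can then reach the webserver depends on how `NetmaskGroup` matches an empty group, which is presumably deny-all but is not visible in this diff. The configured list also replaces the default without any trace, so a broad mask such as `0.0.0.0/0` is accepted silently. Logging the effective ACL once before constructing the server would make both cases auditable, e.g. `g_log<<Logger::Notice<<"Webserver ACL: "<<wsACL.toString()<<endl;`, and an explicit `wsACL.empty()` warning would cover the empty-list case. The second `.as<vector<Netmask>>()` here has no try/catch, so it relies on the earlier config check having run first.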
#
webserver-address: 127.0.0.1:8080
+# The IP address(masks) that allowed to access the webserver. When not set,
+# it defaults to 127.0.0.0/8, ::1/128
+#
+webserver-acl:
+ - 127.0.0.0/8
+ - ::1/128
+
# The domains to redistribute, the 'master' and 'domains' keys are mandatory.
# When no port is specified, 53 is used. When specifying ports for IPv6, use the
# "bracket" notation: