From f0e5e1141e2d999ed292a38d9fee1df7c0a4311f Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Tue, 29 Jul 2014 15:01:55 +0200
Subject: [PATCH] log denied webserver connections

---
 pdns/sstuff.hh    | 9 +++++++--
 pdns/webserver.cc | 3 +++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/pdns/sstuff.hh b/pdns/sstuff.hh
index 03bcafc1d9..0db6030fe0 100644
--- a/pdns/sstuff.hh
+++ b/pdns/sstuff.hh
@@ -78,12 +78,17 @@ public:
     return new Socket(s);
   }
 
+  //! Get remote address
+  bool getRemote(ComboAddress &remote) {
+    socklen_t remotelen=sizeof(remote);
+    return (getpeername(d_socket, (struct sockaddr *)&remote, &remotelen) >= 0);
+  }
+
   //! Check remote address aganst netmaskgroup ng
   bool acl(NetmaskGroup &ng)
   {
     ComboAddress remote;
-    socklen_t remotelen=sizeof(remote);
-    if(getpeername(d_socket, (struct sockaddr *)&remote, &remotelen) >= 0)
+    if (getRemote(remote))
       return ng.match((ComboAddress *) &remote);
 
     return false;
diff --git a/pdns/webserver.cc b/pdns/webserver.cc
index 48b7d662f3..a55cc7d38b 100644
--- a/pdns/webserver.cc
+++ b/pdns/webserver.cc
@@ -299,6 +299,9 @@ void WebServer::go()
       if (data->client->acl(acl)) {
         pthread_create(&tid, 0, &WebServerConnectionThreadStart, (void *)data);
       } else {
+        ComboAddress remote;
+        if (data->client->getRemote(remote))
+          L<<Logger::Error<<"Webserver closing socket: remote ("<< remote.toString() <<") does not match 'webserver-allow-from'"<<endl;
         delete data->client; // close socket
         delete data;
       }
-- 
2.47.2