restrict pillar access to hostsharing servers
parent
1b447b3f85
commit
d735e8c616
@ -16,6 +16,8 @@ public class IPv6Trick {
|
|||||||
private static final String IPv4_83_223_94 = "83.223.94"; // e-Shelter Berlin
|
private static final String IPv4_83_223_94 = "83.223.94"; // e-Shelter Berlin
|
||||||
private static final String IPv6_PREFIX_ES = "2a01:37:3000::1";
|
private static final String IPv6_PREFIX_ES = "2a01:37:3000::1";
|
||||||
|
|
||||||
|
private static final String IPv6_PREFIX_HS = "2a01:37:";
|
||||||
|
private static final String IPv6_PREFIX_HS_ALT = "2a01:0037:";
|
||||||
|
|
||||||
public static String convertIPv4ToIPv6(final String ipv4address) throws ProcessorException {
|
public static String convertIPv4ToIPv6(final String ipv4address) throws ProcessorException {
|
||||||
if (ipv4address == null || ipv4address.length() == 0) {
|
if (ipv4address == null || ipv4address.length() == 0) {
|
||||||
@ -38,6 +40,22 @@ public class IPv6Trick {
|
|||||||
throw new ProcessorException("unknown IPv4 address given");
|
throw new ProcessorException("unknown IPv4 address given");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static boolean isKnownRemote(final String remoteAddress) {
|
||||||
|
boolean isKnown = false;
|
||||||
|
if (remoteAddress.startsWith(IPv6_PREFIX_HS) || remoteAddress.startsWith(IPv6_PREFIX_HS_ALT)) {
|
||||||
|
// Hostsharing IPv6
|
||||||
|
isKnown = true;
|
||||||
|
}
|
||||||
|
if (remoteAddress.startsWith(IPv4_83_223_78) || remoteAddress.startsWith(IPv4_83_223_94)) {
|
||||||
|
// e-Shelter
|
||||||
|
isKnown = true;
|
||||||
|
}
|
||||||
|
if (remoteAddress.startsWith(IPv4_83_223_79) || remoteAddress.startsWith(IPv4_83_223_91) || remoteAddress.startsWith(IPv4_83_223_95)) {
|
||||||
|
// Speedbone Alboin Kontor
|
||||||
|
isKnown = true;
|
||||||
|
}
|
||||||
|
return isKnown;
|
||||||
|
}
|
||||||
|
|
||||||
private static String embedIPv4Address(final InetAddress ipv4address, final InetAddress ipv6Mask) throws UnknownHostException {
|
private static String embedIPv4Address(final InetAddress ipv4address, final InetAddress ipv6Mask) throws UnknownHostException {
|
||||||
final byte[] ipv4Bytes = ipv4address.getAddress();
|
final byte[] ipv4Bytes = ipv4address.getAddress();
|
||||||
|
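Review bot: `isKnownRemote` makes an access-control decision by `startsWith` on the address text, so the result depends on how the caller's container happens to print the address. The second constant `IPv6_PREFIX_HS_ALT` already shows the problem for zero-padded groups; upper-case hex or another zero-padding variant would be refused in the same way. The method also throws a NullPointerException when `remoteAddress` is null, so a guard such as `if (remoteAddress == null || remoteAddress.isEmpty()) { return false; }` as the first statement would keep the refusal explicit. A sturdier form would parse the literal once with `InetAddress.getByName` and compare the leading bytes of `getAddress()` against the allowed networks. The method should also get a Javadoc saying that it is a security check, that it expects a literal IP address and not a host name, and which networks it accepts. The allowlist constants could then move out of a class named `IPv6Trick`.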
@ -12,8 +12,11 @@ import javax.servlet.http.HttpServlet;
|
|||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
import org.apache.commons.httpclient.HttpStatus;
|
||||||
|
|
||||||
import de.hsadmin.core.model.Transaction;
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.core.qserv.ProcessorException;
|
import de.hsadmin.core.qserv.ProcessorException;
|
||||||
|
import de.hsadmin.core.util.IPv6Trick;
|
||||||
import de.hsadmin.mods.pac.Hive;
|
import de.hsadmin.mods.pac.Hive;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.pac.PacComponent;
|
import de.hsadmin.mods.pac.PacComponent;
|
||||||
@ -24,7 +27,12 @@ public class JsonPillarServlet extends HttpServlet {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
||||||
final Transaction transaction = new Transaction("pilalr");
|
final String remoteAddr = req.getRemoteAddr();
|
||||||
|
if (!IPv6Trick.isKnownRemote(remoteAddr)) {
|
||||||
|
resp.sendError(HttpStatus.SC_UNAUTHORIZED);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
final Transaction transaction = new Transaction("pillar");
|
||||||
final EntityManager em = transaction.getEntityManager();
|
final EntityManager em = transaction.getEntityManager();
|
||||||
final String hiveFqdn = req.getParameter("hive");
|
final String hiveFqdn = req.getParameter("hive");
|
||||||
String hiveName = "";
|
String hiveName = "";
|
||||||
|
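Review bot: The new guard in `doGet` admits any client whose address lies in the Hostsharing ranges, while `hive` is still read from the request parameter a few lines below. As far as this hunk shows, one allowed host can therefore request the pillar of a different hive; if pillar data is sensitive per hive, the check should also tie `remoteAddr` to the requested hive or require a credential. `req.getRemoteAddr()` returns the direct peer, so if the servlet is deployed behind a reverse proxy inside one of these networks, every request would pass; that is worth confirming against the deployment. For a refusal based on source address, 403 fits better than 401, which tells the client that authenticating would help and expects a `WWW-Authenticate` header. The servlet API already provides the constant, so `resp.sendError(HttpServletResponse.SC_FORBIDDEN);` would make the new `org.apache.commons.httpclient.HttpStatus` import unnecessary. The body of `doGet` continues past the end of the hunk.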