[Fencommits] fenserve: put in resource limitation; allow state changes only from localhost (need to give error message to non-localhosts trying to modify the state, though...)

Benja Fallenstein benja.fallenstein at gmail.com
Sun Mar 25 19:49:30 EEST 2007 

Sun Mar 25 19:49:09 EEST 2007  Benja Fallenstein <benja.fallenstein at gmail.com>
  * put in resource limitation; allow state changes only from localhost (need to give error message to non-localhosts trying to modify the state, though...)
diff -rN -u old-fenserve/Main.hs new-fenserve/Main.hs
--- old-fenserve/Main.hs	2007-03-25 19:49:30.000000000 +0300
+++ new-fenserve/Main.hs	2007-03-25 19:49:30.000000000 +0300
@@ -32,23 +32,31 @@
 import qualified Data.Map as Map
 import Data.Map (Map)
 
+import System.Posix.Resource
+
 asURI :: SURI -> Maybe SURI
 asURI = Just
 
-localhostOnlyFilter = Handle $ \req -> do
-    if fst (rqPeer req) `elem` ["localhost","localhost.localdomain"] 
-        then request req else respond $ return $
-        mkResult 403 "text/html" $ toUTF "403 Forbidden: Try from localhost"
+isLocalhost req = fst (rqPeer req) `elem` ["localhost","localhost.localdomain"]
+
+{-localhostOnlyFilter = Handle $ \req -> do
+    if isLocalhost req then request req else respond $ return $
+        mkResult 403 "text/html" $ toUTF "403 Forbidden: Try from localhost"-}
         
 fenserveHandler = Handle $ \req -> do
     state <- get; rq <- getEvent
     let (result, state') = runFenServe (handleRequest rq) state
-    when (not $ rqMethod req `elem` [GET,HEAD]) $ put state'
+    when (not $ rqMethod req `elem` [GET,HEAD]) $ 
+        when (isLocalhost req) $ put state'
     respond $ return result
 
 main :: IO ()
-main = stdHTTP
-  [ debugFilter
-  , localhostOnlyFilter
-  , fenserveHandler
-  ]
+main = do
+  setResourceLimit ResourceCPUTime $ ResourceLimits 
+      (ResourceLimit 180) (ResourceLimit 300)
+  setResourceLimit ResourceTotalMemory $ let mb = 1024*1024 in ResourceLimits 
+      (ResourceLimit $ 50 * mb) (ResourceLimit $ 100 * mb)
+  stdHTTP [ debugFilter
+          --, localhostOnlyFilter
+          , fenserveHandler
+          ]
diff -rN -u old-fenserve/fenserve.cabal new-fenserve/fenserve.cabal
--- old-fenserve/fenserve.cabal	2007-03-25 19:49:30.000000000 +0300
+++ new-fenserve/fenserve.cabal	2007-03-25 19:49:30.000000000 +0300
@@ -5,7 +5,7 @@
 Author:         Benja Fallenstein
 Maintainer:     fenfire-dev at nongnu.org
 Build-Depends:  base, mtl, network, HAppS, fenfire, glib, plugins,
-                haskell-src-exts
+                haskell-src-exts, unix
 
 Executable:     fenserve
 Main-Is:        Main.hs

More information about the Fencommits mailing list