diff options
Diffstat (limited to 'jetty-servlets')
-rw-r--r-- | jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java | 16 | ||||
-rw-r--r-- | jetty-servlets/src/test/java/org/eclipse/jetty/servlets/DoSFilterTest.java | 21 |
2 files changed, 27 insertions, 10 deletions
diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java index 0b6c6ea45f..44ee4af813 100644 --- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java +++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java @@ -719,6 +719,10 @@ public class DoSFilter implements Filter prefix -= 8; ++index; } + + if (index == result.length) + return result; + // Sets the _prefix_ most significant bits to 1 result[index] = (byte)~((1 << (8 - prefix)) - 1); return result; @@ -1045,6 +1049,18 @@ public class DoSFilter implements Filter _whitelist.addAll(result); LOG.debug("Whitelisted IP addresses: {}", result); } + + /** + * Set a list of IP addresses that will not be rate limited. + * + * @param values whitelist + */ + public void setWhitelist(List<String> values) + { + clearWhitelist(); + _whitelist.addAll(values); + LOG.debug("Whitelisted IP addresses: {}", values); + } /** * Clears the list of whitelisted IP addresses diff --git a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/DoSFilterTest.java b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/DoSFilterTest.java index caa7a1ac16..824d623afa 100644 --- a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/DoSFilterTest.java +++ b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/DoSFilterTest.java @@ -79,19 +79,20 @@ public class DoSFilterTest extends AbstractDoSFilterTest { DoSFilter filter = new DoSFilter(); List<String> whitelist = new ArrayList<String>(); - whitelist.add("192.168.0.1"); + whitelist.add("192.168.0.1/32"); whitelist.add("10.0.0.0/8"); whitelist.add("4d8:0:a:1234:ABc:1F:b18:17"); whitelist.add("4d8:0:a:1234:ABc:1F:0:0/96"); - Assert.assertTrue(filter.checkWhitelist(whitelist, "192.168.0.1")); - Assert.assertFalse(filter.checkWhitelist(whitelist, "192.168.0.2")); - Assert.assertFalse(filter.checkWhitelist(whitelist, "11.12.13.14")); - Assert.assertTrue(filter.checkWhitelist(whitelist, "10.11.12.13")); - Assert.assertTrue(filter.checkWhitelist(whitelist, "10.0.0.0")); - Assert.assertFalse(filter.checkWhitelist(whitelist, "0.0.0.0")); - Assert.assertTrue(filter.checkWhitelist(whitelist, "4d8:0:a:1234:ABc:1F:b18:17")); - Assert.assertTrue(filter.checkWhitelist(whitelist, "4d8:0:a:1234:ABc:1F:b18:0")); - Assert.assertFalse(filter.checkWhitelist(whitelist, "4d8:0:a:1234:ABc:1D:0:0")); + filter.setWhitelist(whitelist); + Assert.assertTrue(filter.checkWhitelist("192.168.0.1")); + Assert.assertFalse(filter.checkWhitelist("192.168.0.2")); + Assert.assertFalse(filter.checkWhitelist("11.12.13.14")); + Assert.assertTrue(filter.checkWhitelist("10.11.12.13")); + Assert.assertTrue(filter.checkWhitelist("10.0.0.0")); + Assert.assertFalse(filter.checkWhitelist("0.0.0.0")); + Assert.assertTrue(filter.checkWhitelist("4d8:0:a:1234:ABc:1F:b18:17")); + Assert.assertTrue(filter.checkWhitelist("4d8:0:a:1234:ABc:1F:b18:0")); + Assert.assertFalse(filter.checkWhitelist("4d8:0:a:1234:ABc:1D:0:0")); } private boolean hitRateTracker(DoSFilter doSFilter, int sleep) throws InterruptedException |