Selector /server-status can now be disabled and no longer leaks IP addresses by default

2024-06-16 06:25:23 +00:00 · 2018-01-28 17:43:35 +02:00 · 2018-01-28 17:43:35 +02:00 · 2b522069cd
commit 2b522069cd
parent ff90756b80
5 changed files with 18 additions and 12 deletions
--- a/3
+++ b/3
@ -40,11 +40,12 @@ Command line options:
    -nq           Disable HTTP-style query strings (?query)
    -ns           Disable logging to syslog
    -na           Disable autogenerated caps.txt
+    -nt           Disable /server-status
    -nm           Disable shared memory use (for debugging)
    -nr           Disable root user checking (for debugging)
    -np           Disable HAproxy proxy protocol

-    -d            Debug to syslog (not for production use)
+    -d            Debug output in syslog and /server-status
    -v            Display version number and build date
    -b            Display the BSD license
    -?            Display this help
--- a/file.c
+++ b/file.c
@ -204,16 +204,18 @@ void server_status(state *st, shm_state *shm, int shmid)
 		if ((now - shm->session[i].req_atime) < st->session_timeout) {
 			sessions++;

-			printf("Session: %-4i %-40s %-4li %-7li gopher%s://%s:%i/%c%s" CRLF,
-				(int) (now - shm->session[i].req_atime),
-				shm->session[i].req_remote_addr,
-				shm->session[i].hits,
-				shm->session[i].kbytes,
-				(shm->session[i].server_port == st->server_tls_port ? "s" : ""),
-				shm->session[i].server_host,
-				shm->session[i].server_port,
-				shm->session[i].req_filetype,
-				shm->session[i].req_selector);
+			if (st->debug) {
+				printf("Session: %-4i %-40s %-4li %-7li gopher%s://%s:%i/%c%s" CRLF,
+					(int) (now - shm->session[i].req_atime),
+					shm->session[i].req_remote_addr,
+					shm->session[i].hits,
+					shm->session[i].kbytes,
+					(shm->session[i].server_port == st->server_tls_port ? "s" : ""),
+					shm->session[i].server_host,
+					shm->session[i].server_port,
+					shm->session[i].req_filetype,
+					shm->session[i].req_selector);
+			}
 		}
 	}

--- a/gophernicus.c
+++ b/gophernicus.c
@ -450,6 +450,7 @@ void init_state(state *st)
 	st->opt_iconv = TRUE;
 	st->opt_query = TRUE;
 	st->opt_caps = TRUE;
+	st->opt_status = TRUE;
 	st->opt_shm = TRUE;
 	st->opt_root = TRUE;
 	st->opt_proxy = TRUE;
@ -676,7 +677,7 @@ get_selector:

 	/* Handle /server-status requests */
 #ifdef HAVE_SHMEM
-	if (sstrncmp(st.req_selector, SERVER_STATUS) == MATCH) {
+	if (st.opt_status && sstrncmp(st.req_selector, SERVER_STATUS) == MATCH) {
 		if (shm) server_status(&st, shm, shmid);
 		return OK;
 	}
--- a/gophernicus.h
+++ b/gophernicus.h
@ -348,6 +348,7 @@ typedef struct {
 	char opt_vhost;
 	char opt_query;
 	char opt_caps;
+	char opt_status;
 	char opt_shm;
 	char opt_root;
 	char opt_proxy;
--- a/options.c
+++ b/options.c
@ -140,6 +140,7 @@ void parse_args(state *st, int argc, char *argv[])
 				if (*optarg == 'q') { st->opt_query = FALSE; break; }
 				if (*optarg == 's') { st->opt_syslog = FALSE; break; }
 				if (*optarg == 'a') { st->opt_caps = FALSE; break; }
+				if (*optarg == 't') { st->opt_status = FALSE; break; }
 				if (*optarg == 'm') { st->opt_shm = FALSE; break; }
 				if (*optarg == 'r') { st->opt_root = FALSE; break; }
 				if (*optarg == 'p') { st->opt_proxy = FALSE; break; }