First code (not working) for forbidden domains

11 years ago · a1b7c75204
parent 677548c9db
commit a1b7c75204
2 changed files with 21 additions and 3 deletions
--- a/DNSLG/init.py
+++ b/DNSLG/init.py
@ -53,7 +53,8 @@ class Querier:
                 bucket_size=default_bucket_size,
                 whitelist=default_whitelist, edns_size=default_edns_size,
                 handle_wk_files=default_handle_wk_files,
-                 google_code=None, description=None, description_html=None):
+                 google_code=None, description=None, description_html=None, 
+                 forbidden_suffixes=[]):
        self.resolver = Resolver.Resolver(edns_payload=edns_size)
        self.buckets = {}
        self.base_url = base_url
@ -72,6 +73,12 @@ class Querier:
        self.google_code = google_code
        self.description = description
        self.description_html = description_html
+        self.forbidden_suffixes = []
+        for suffix in forbidden_suffixes:
+            if suffix != '':
+                if not suffix.endswith('.'):
+                    suffix += '.'
+                self.forbidden_suffixes.append(suffix)
        self.resolver.reset()
        
    def default(self, start_response, path):
@ -185,7 +192,13 @@ Disallow: /
            domain += '.'
        if domain == 'root.':
            domain = '.'
-        domain = unicode(domain, self.encoding)    
+        domain = unicode(domain, self.encoding)
+        for forbidden in self.forbidden_suffixes:
+            if domain.endswith(forbidden):
+                output = "You cannot query local domain %s" % forbidden
+                send_response(start_response, '403 Local domain is private',
+                              output, plaintype)
+                return [output]
        punycode_domain = punycode_of(domain)
        if punycode_domain != domain:
            qdomain = punycode_domain.encode("US-ASCII")
--- a/sample-wsgi-dnslg-with-config-file.py
+++ b/sample-wsgi-dnslg-with-config-file.py
@ -2,6 +2,7 @@

 import ConfigParser
 import sys
+import string

 import DNSLG

@ -31,6 +32,7 @@ except IOError:
    print >>sys.stderr, "Cannot open configuration file %s" % config_file_name
    sys.exit(1)
 config.readfp(config_file)
+config.set('DEFAULT', 'forbidden_domains', '')
 if not config.has_section(SECTION):
    config.add_section(SECTION)
 email_admin = config.get(SECTION, 'email_administrator')
@ -46,6 +48,8 @@ description = config.get(SECTION, 'description')
 description_html = config.get(SECTION, 'description_html')
 google_code = config.get(SECTION, 'code_google_webmasters')
 edns_size = config.get(SECTION, 'size_edns')
+forbidden_str = config.get(SECTION, 'forbidden_domains')
+forbidden = string.split(forbidden_str, ':')
 if edns_size is None or edns_size == "":
    edns_size = None
 else:
@ -58,6 +62,7 @@ querier = DNSLG.Querier(email_admin=email_admin, url_doc=url_doc, url_css=url_cs
                        edns_size=edns_size, bucket_size=rl_bucket_size,
                        google_code=google_code,
                        handle_wk_files=handle_wellknown_files,
-                        description=description, description_html=description_html)
+                        description=description, description_html=description_html,
+                        forbidden_suffixes=forbidden)

 application = querier.application