
ENH: rudimentary ip-based access control to grid.cgi

1 parent 1c22cfd commit 16ade48ca9a352ba7edba2f68e69c39fb06ff75a Mark Olesen committed Jan 21, 2012
Showing with 61 additions and 1 deletion.
  1. +61 −1 cgi-bin/grid.cgi
@@ -26,6 +26,11 @@ my %timeout = (
shell => 5, # timeout for system commands like 'qstat -j', etc.
);
+# blacklist and/or whitelist access
+# - as regular expressions for the remote IP address
+my @blacklist;
+my @whitelist;
+
#
# END OF CUSTOMIZE SETTINGS
################################################################################
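Review bot: The comment above `@blacklist` and `@whitelist` does not say how an entry is matched or which list takes precedence, and both affect what an administrator should write there. Going by `allowed()` later in this commit, each entry is interpolated as `m{^$_$}`, so it is anchored at both ends and a `.` is a regex metacharacter unless escaped. A whitelist match returns before the blacklist is consulted. I would extend the comment to say so, for example `# - each entry is matched as ^ENTRY$ against the remote IP; escape dots, e.g. '192\.0\.2\.\d+'` and `# - a whitelist match overrides the blacklist`.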
@@ -264,6 +269,59 @@ sub httpError404 {
}
#
+# rudimentary hard-coded access control
+#
+# return true (allowed) or false (denied)
+#
+sub allowed {
+ my ( $class, $cgi ) = @_;
+
+ my $remoteAddr = $cgi->remote_addr();
+
+ # no form of access control: everything is allowed
+ @blacklist or @whitelist or return 1;
+ my $status;
+
+ if (@whitelist) {
+ for (@whitelist) {
+ if ( $remoteAddr =~ m{^$_$} ) {
+ return 1; # explicitly whitelisted == OK
+ }
+ }
+
+ # whitelist without blacklist: everything else is suspicious
+ $status = 0 if not @blacklist;
+ }
+
+ # blacklisted items
+ for (@blacklist) {
+ if ( $remoteAddr =~ m{^$_$} ) {
+ $status = 0;
+ last;
+ }
+ }
+
+ if ( defined $status and not $status ) {
+ print $cgi->header(
+ -type => 'text/html',
+ -charset => 'utf-8',
+ -status => 403
+ ),
+ $cgi->start_html( -title => "Forbidden", -charset => 'utf-8' );
+
+ print qq{<h1>Forbidden</h1>\n}, #
+ qq{Resource <blockquote><pre>}, #
+ $cgi->url( -absolute => 1, -path => 1 ), #
+ qq{</pre></blockquote>\n};
+
+ # finish off - maybe we don't want people to know why?
+ print "<hr />", "Access forbidden\n", $remoteAddr, $cgi->end_html();
+ }
+
+ return $status;
+}
+
+#
# internal utility FUNCTION
# Parse XML attributes function
#
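Review bot: In `allowed()`, `$status` stays undefined whenever a blacklist is configured and the address matches neither list, so `return $status` yields a false value without the 403 page being printed. The new `if ( GridResource->allowed($cgiObj) )` call site in the last hunk then skips `process()` and the client gets no response at all, which means a blacklist-only setup denies everyone. Declaring `my $status = 1;` and testing `if ( not $status ) {` keeps the intended allow-by-default outcome for that case. Separately, the 403 body prints `$cgi->url( -absolute => 1, -path => 1 )` and `$remoteAddr` into HTML as-is; unless `url()` already encodes the client-supplied path in the CGI.pm version in use, wrapping both in `$cgi->escapeHTML(...)` would be safer.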
@@ -1485,7 +1543,9 @@ while ( my $cgiObj = $whichCGI->new() ) {
$cgiObj->nph(1);
}
- GridResource->process($cgiObj);
+ if ( GridResource->allowed($cgiObj) ) {
+ GridResource->process($cgiObj);
+ }
last if $whichCGI eq 'CGI'; # normal CGI - break out of while loop
}
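Review bot: A request refused by `allowed()` is dropped here without any record from the script itself, so repeated attempts from a blocked address are visible only if the web server's own access log captures the 403. An `else` branch such as `else { warn "grid.cgi: access denied for ", $cgiObj->remote_addr(), "\n"; }` would put denials in the error log. The enclosing `while` loop body starts above this hunk.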
