Class HostCheckHandler

All Implemented Interfaces:
Handler, org.eclipse.jetty.server.handler.gzip.GzipFactory, HandlerContainer, Container, Destroyable, Dumpable, LifeCycle

public class HostCheckHandler extends org.eclipse.jetty.server.handler.gzip.GzipHandler
Block certain Host headers to prevent DNS rebinding attacks. This Handler wraps the ContextHandlerCollection, which handles all the webapps (not just routerconsole). Therefore, this protects all the webapps.
Since:
0.9.32
  • Constructor Details

    • HostCheckHandler

      public HostCheckHandler(I2PAppContext ctx)
      MUST call setListenHosts() afterwards.
  • Method Details

    • setListenHosts

      public void setListenHosts(Set<String> hosts)
      Set the legal hosts. Not synched. Call this BEFORE starting. If empty, all are allowed.
      Parameters:
      hosts - contains hostnames or IPs. But we allow all IPs anyway.
    • handle

      public void handle(String pathInContext, Request baseRequest, HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException, ServletException
      Block by Host header, redirect HTTP to HTTPS, pass everything else to the delegate.
      Specified by:
      handle in interface Handler
      Overrides:
      handle in class org.eclipse.jetty.server.handler.gzip.GzipHandler
      Throws:
      IOException
      ServletException