private bool HandleFAccessConfig(FileSystemInfo requestedFileInfo, DirectoryInfo containingDir, FAccessConfig faccess, ClientHttpResponse response) { if (faccess == null) return false; var forbidden = !faccess.Allow || _denyFileNames.Contains(requestedFileInfo.Name); //User-defined access rules: var dirAccessRules = faccess.FileAccessRules; var requestedFileName = requestedFileInfo.Name; switch (dirAccessRules) { case AccessRules.ExplicitAllow: if (!faccess.AllowedFiles.Contains(requestedFileName)) { forbidden = true; } break; case AccessRules.ExplicitDeny: if (faccess.DeniedFiles.Contains(requestedFileName)) { forbidden = true; } break; } if (forbidden) { if (faccess.ErrorDocument403 == null) { //Show default 403 Logger.WriteLine("403!"); response.SendFailure403(); //Send 403 Header response.OutputStream.WriteLine( "403 - You don't have permission to access this path on this server."); //Default 403 body return true; //end the connection } var errdocFullPath = containingDir.FullName + _dirSep + faccess.ErrorDocument403; Logger.WriteLine("403!"); response.SendFailure403(); //Send 403 Header response.OutputStream.WriteLine(File.ReadAllText(errdocFullPath)); return true; //end the connection } if (requestedFileInfo.Exists) return false; { // Default 404 //Check if it is a missing index, and display dirindex if enabled if (requestedFileInfo.Name == "index.html" && faccess.EnableIndexing && containingDir.Exists) { response.SendHeader("HTTP/1.1 200 OK"); response.SendHeader("Content-Type: text/html"); response.SendEndHeaders(); response.OutputStream.WriteLine(GenerateDirectoryIndex(containingDir, response)); //Dynamic index Logger.WriteLine("Sent dynamic directory index."); return true; //end the connection } if (faccess.ErrorDocument404 == null) { //Show default 404 Logger.WriteLine("404!"); response.SendFailure404(); //Send 404 Header response.OutputStream.WriteLine("404 - File not found"); //Default 404 body return true; //end the connection } var errdocFullPath = containingDir.FullName + _dirSep + faccess.ErrorDocument404; Logger.WriteLine("404!"); response.SendFailure404(); //Send 404 Header response.OutputStream.WriteLine(File.ReadAllText(errdocFullPath)); return true; //end the connection } }
private static bool RewriteRequestPath(ref string requestPath, ClientHttpResponse response, string wwwroot) { var path = requestPath.Substring(1); //Remove slash at beginning string rqfullPath = null; try { rqfullPath = Path.Combine(wwwroot, path); } catch (ArgumentException) { // Invalid path, possibly due to some evil stuff trying to XSS or something response.SendFailure404(); response.OutputStream.WriteLine("404 - The requested resource could not be located."); throw new DeadRequestException(); } var finfo = new FileInfo(rqfullPath); var dinfo = new DirectoryInfo(rqfullPath); if (dinfo.Exists && !requestPath.EndsWith("/")) { // Permanent redirection response.SendHeader("HTTP/1.1 301 Moved Permanently"); response.SendHeader("Location: " + requestPath + "/"); response.SendEndHeaders(); } var isDirectory = requestPath.EndsWith("/", StringComparison.CurrentCulture); if (isDirectory) requestPath += "index.html"; return false; }