private bool HandleFAccessConfig(FileSystemInfo requestedFileInfo, DirectoryInfo containingDir,
FAccessConfig faccess,
ClientHttpResponse response)
{
if (faccess == null)
return false;
var forbidden = !faccess.Allow || _denyFileNames.Contains(requestedFileInfo.Name);
//User-defined access rules:
var dirAccessRules = faccess.FileAccessRules;
var requestedFileName = requestedFileInfo.Name;
switch (dirAccessRules)
{
case AccessRules.ExplicitAllow:
if (!faccess.AllowedFiles.Contains(requestedFileName))
{
forbidden = true;
}
break;
case AccessRules.ExplicitDeny:
if (faccess.DeniedFiles.Contains(requestedFileName))
{
forbidden = true;
}
break;
}
if (forbidden)
{
if (faccess.ErrorDocument403 == null)
{
//Show default 403
Logger.WriteLine("403!");
response.SendFailure403(); //Send 403 Header
response.OutputStream.WriteLine(
"403 - You don't have permission to access this path on this server."); //Default 403 body
return true; //end the connection
}
var errdocFullPath = containingDir.FullName + _dirSep + faccess.ErrorDocument403;
Logger.WriteLine("403!");
response.SendFailure403(); //Send 403 Header
response.OutputStream.WriteLine(File.ReadAllText(errdocFullPath));
return true; //end the connection
}
if (requestedFileInfo.Exists) return false;
{
// Default 404
//Check if it is a missing index, and display dirindex if enabled
if (requestedFileInfo.Name == "index.html" && faccess.EnableIndexing && containingDir.Exists)
{
response.SendHeader("HTTP/1.1 200 OK");
response.SendHeader("Content-Type: text/html");
response.SendEndHeaders();
response.OutputStream.WriteLine(GenerateDirectoryIndex(containingDir, response)); //Dynamic index
Logger.WriteLine("Sent dynamic directory index.");
return true; //end the connection
}
if (faccess.ErrorDocument404 == null)
{
//Show default 404
Logger.WriteLine("404!");
response.SendFailure404(); //Send 404 Header
response.OutputStream.WriteLine("404 - File not found"); //Default 404 body
return true; //end the connection
}
var errdocFullPath = containingDir.FullName + _dirSep + faccess.ErrorDocument404;
Logger.WriteLine("404!");
response.SendFailure404(); //Send 404 Header
response.OutputStream.WriteLine(File.ReadAllText(errdocFullPath));
return true; //end the connection
}
}
private static bool RewriteRequestPath(ref string requestPath, ClientHttpResponse response, string wwwroot)
{
var path = requestPath.Substring(1); //Remove slash at beginning
string rqfullPath = null;
try
{
rqfullPath = Path.Combine(wwwroot, path);
}
catch (ArgumentException)
{
// Invalid path, possibly due to some evil stuff trying to XSS or something
response.SendFailure404();
response.OutputStream.WriteLine("404 - The requested resource could not be located.");
throw new DeadRequestException();
}
var finfo = new FileInfo(rqfullPath);
var dinfo = new DirectoryInfo(rqfullPath);
if (dinfo.Exists && !requestPath.EndsWith("/"))
{
// Permanent redirection
response.SendHeader("HTTP/1.1 301 Moved Permanently");
response.SendHeader("Location: " + requestPath + "/");
response.SendEndHeaders();
}
var isDirectory = requestPath.EndsWith("/", StringComparison.CurrentCulture);
if (isDirectory)
requestPath += "index.html";
return false;
}