0

I want to deny access to certain paths on my server, which is using the CGIHttpServer module. I've come up with a whitelist that I'll need to check on every request, but my problem is how to implement it.

I tried overriding the handle_one_request method (which both processes the request and sends the response) but the problem is that the path information is not available before it's run. Meaning that I'll always be either too early or too late. Now I'm thinking of either copy-pasting the original function source and editing it myself or overriding wfile.flush, which sounds way too ugly.

Can anyone give me a better solution?

Here's the source code for handle_one_request.

rvighne
  • 20,755
  • 11
  • 51
  • 73

1 Answers1

1

You can override run_cgi in the CGIHTTPRequestHandler subclass, and only call super when your whitelist matches.

Jorgen Schäfer
  • 1,196
  • 6
  • 8
  • But I also want to block some static files (non-cgi). – rvighne Aug 17 '14 at 19:15
  • Ah. The call chain is `handle_one_request` -> `do_POST|GET|HEAD` -> `run_cgi`. If `handle_one_request` does not have enough information yet, and `run_cgi` is not called for all requests you need, I'm afraid your only option is to override `do_POST|GET|HEAD` separately. (Yes, I do think this could do with one more step in the official implementation, but it's not there :-/) – Jorgen Schäfer Aug 17 '14 at 19:20