I want to restrict IP in NanoHTTPD.java

Asked 2 years ago, Updated 2 years ago, 55 views

minSdkVersion:19
targetSdkVersion:19

http://komamitsu.hatenablog.com/entry/20120223/1330013934
Using the above information, I am running NanoHTTPD on Android.

Due to the restriction of the source of access (IP restriction), we would like to have it delivered.

in AndroidWebServerActivity.java
@Override
public Response serve (Stringuri, String method,
        Properties header, Properties parts, Properties files) {

    final StringBuilder buf = new StringBuilder();
    for (Entry<Object,Object>kv:header.entrySet())
        buf.append(kv.getKey()+":"+kv.getValue()+"\n");

    handler.post(new Runnable(){
        @ Override
        public void run() {
            hello.setText(buf);
        }
    });

    final String html="<html>head><head>>body>><h1>Hello, World</h1><body>><html>";
    return new NanoHTTPD.Response(HTTP_OK, MIME_HTML, html);
}

In , we checked to see if there was a requesting IP address in the parameters, but there was no requesting IP address information in all uri, method, header, params, files.

If you know how to limit access sources, please let me know.

android java nanohttpd

2022-09-30 16:43

3 Answers

As far as JavaSE environments are concerned, it can be retrieved with session.getHeaders().get("remote-addr").

https://github.com/NanoHttpd/nanohttpd/blob/0f5ae0751dcaf3182ba094403debaf085b3ac58e/core/src/main/java/fi/iki/elonen/NanoHTTPD.java#L819-L820


2022-09-30 16:43

How about using getRemoteSocketAddress().

Once accessed by the client (HTTPSession(myServerSocket.accept();), a thread is generated to create an instance of the HTTPSession class.You will be filtering addresses within that constructor.

/**
 * Starts a HTTP server to give port.<p>
 * Throws an IOException if the socket is already in use
 */
public NanoHTTPD(int port, File wwwroot)rows IOException
{
  myTcpPort=port;
  This.myRootDir=wwwroot;
  myServerSocket=newServerSocket(myTcpPort);
  myThread = new Thread (new Runnable()
    {
      public void run()
      {
        try
        {
          while(true)
            new HTTPSession (myServerSocket.accept());
            //  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        }
        catch (IOException ioe)

               :

/**
 * Handles one session, i.e.pars the HTTP request
 * and returns the response.
 */
private class HTTPSession implements Runnable
{
  public HTTPSession (Sockets)
  {
    mySocket=s;

    // Here  
    SocketAddress remoteIPAddress=mySocket.getRemoteSocketAddress();
    System.out.println(remoteIPAddress);
    // =>/192.168.0.3:49825

    Threadt = new Thread(this);
    t.setDaemon(true);
    t.start();
  }


2022-09-30 16:43

The service method Override on the reference site is from NanoHTTPD v1.1, and is incompatible with the service method in v1.6.

1.1 does not include remote-addr information in Header.In 1.6 on the other hand, remote-addr and http-client-ip are included in the Header.

Therefore, the only way to control access is to take it so that it can be realized using v1.6.

1.6 includes the reference site

public Response serve(Stringuri, String method,
    Properties header, Properties parts, Properties files)

is gone (actually deprecated), instead

public Response serve (IHTTPSession session)

It is shown thatTherefore, if you use the session.getHeaders().get("remote-addr") answered by yukihane, you should override the serve method and use the session object to check the remode address before passing it to the parent class.

private static final CharSequence FORBIDDEN="192.168.0.3";

@ Override
public Response serve (IHTTPSession session) {

    String remoteAddr=session.getHeaders().get("remote-addr");
    if(remoteAddr.contains(FORBIDDEN)){
        return newFixedLengthResponse(Response.Status.HTTP_FORBIDDEN,
            NanoHTTPD.MIME_HTML, "<p>Your are not allowed to access.</p>";
    }

    super.serve(session);
}


2022-09-30 16:43

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.