From 5ee3e711d51e9fc40564f25fed2dccde2c76656c Mon Sep 17 00:00:00 2001 From: Fabian Keil <fk@fabiankeil.de> Date: Tue, 4 Mar 2008 18:30:44 +0000 Subject: [PATCH] Remove the treat-forbidden-connects-like-blocks action. We now use the "blocked" page for forbidden CONNECT requests by default. --- ChangeLog | 3 ++ actionlist.h | 6 ++- actions.c | 28 ++++++++++- default.action.master | 13 +---- doc/source/user-manual.sgml | 91 +++------------------------------- jcc.c | 59 ++++++---------------- project.h | 10 ++-- standard.action | 3 +- templates/edit-actions-for-url | 21 ++------ 9 files changed, 67 insertions(+), 167 deletions(-) diff --git a/ChangeLog b/ChangeLog index 10275f88..da624222 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ ChangeLog for Privoxy the show-status page hides the edit buttons and explains why. Previously the user would get the "this feature has been disabled" message after using the edit button. +- Forbidden CONNECT requests are treated like blocks by default. + The now-pointless treat-forbidden-connects-like-blocks action + has been removed. - Fixed false-positives with the link-by-url filter and URLs that contain the pattern "/jump/". - The less-download-windows filter no longer messes diff --git a/actionlist.h b/actionlist.h index 929b73d0..2bb89172 100644 --- a/actionlist.h +++ b/actionlist.h @@ -39,6 +39,10 @@ * * Revisions : * $Log: actionlist.h,v $ + * Revision 1.29 2008/03/01 14:00:43 fabiankeil + * Let the block action take the reason for the block + * as argument and show it on the "blocked" page. + * * Revision 1.28 2007/12/11 21:08:29 fabiankeil * Let the CGI editor suggest a forward-override * parameter whose syntax is actually valid. 
@@ -237,8 +241,6 @@ DEFINE_ACTION_STRING ("set-image-blocker", ACTION_IMAGE_BLOCKER, DEFINE_CGI_PARAM_RADIO ("set-image-blocker", ACTION_IMAGE_BLOCKER, ACTION_STRING_IMAGE_BLOCKER, "pattern", 1) DEFINE_CGI_PARAM_RADIO ("set-image-blocker", ACTION_IMAGE_BLOCKER, ACTION_STRING_IMAGE_BLOCKER, "blank", 0) DEFINE_CGI_PARAM_CUSTOM ("set-image-blocker", ACTION_IMAGE_BLOCKER, ACTION_STRING_IMAGE_BLOCKER, CGI_PREFIX "send-banner?type=pattern") -DEFINE_ACTION_BOOL ("treat-forbidden-connects-like-blocks", ACTION_TREAT_FORBIDDEN_CONNECTS_LIKE_BLOCKS) - #if DEFINE_ACTION_ALIAS diff --git a/actions.c b/actions.c index d5c02c48..2fb546f4 100644 --- a/actions.c +++ b/actions.c @@ -1,4 +1,4 @@ -const char actions_rcs[] = "$Id: actions.c,v 1.42 2008/02/09 15:15:38 fabiankeil Exp $"; +const char actions_rcs[] = "$Id: actions.c,v 1.43 2008/03/01 14:00:43 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/actions.c,v $ @@ -33,6 +33,10 @@ const char actions_rcs[] = "$Id: actions.c,v 1.42 2008/02/09 15:15:38 fabiankeil * * Revisions : * $Log: actions.c,v $ + * Revision 1.43 2008/03/01 14:00:43 fabiankeil + * Let the block action take the reason for the block + * as argument and show it on the "blocked" page. + * * Revision 1.42 2008/02/09 15:15:38 fabiankeil * List active and inactive actions in the show-url-info's * "Final results" section separately. Patch submitted by Lee 
@@ -602,6 +606,23 @@ jb_err get_action_token(char **line, char **name, char **value) return JB_ERR_OK; } +/********************************************************************* + * + * Function : action_used_to_valid_ + * + * Description : Checks if unrecognized actions were valid in earlier + * releases. + * + * Parameters : + * 1 : action = The string containing the action to check. + * + * Returns : True if yes, otherwise false. + * + *********************************************************************/ +static int action_used_to_be_valid(const char *action) +{ + return (0 == strcmpic(action, "treat-forbidden-connects-like-blocks")); +} /********************************************************************* * @@ -781,6 +802,11 @@ jb_err get_actions(char *line, /* Found it */ merge_actions(cur_action, alias->action); } + else if ((2 < strlen(option)) && action_used_to_be_valid(option+1)) + { + log_error(LOG_LEVEL_ERROR, "Action '%s' is no longer valid " + "in this Privoxy release. Ignored.", option+1); + } else { /* Bad action name */ diff --git a/default.action.master b/default.action.master index 23433ebd..eeadb155 100644 --- a/default.action.master +++ b/default.action.master @@ -9,7 +9,7 @@ # # File : $Source: /cvsroot/ijbswa/current/default.action.master,v $ # -# $Id: default.action.master,v 1.113 2008/03/01 14:00:44 fabiankeil Exp $ +# $Id: default.action.master,v 1.114 2008/03/01 15:25:34 fabiankeil Exp $ # # Requires : This version requires Privoxy v3.0.9 or later due to # syntax changes. 
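Review bot: The header comment added above `action_used_to_be_valid()` in actions.c names the function `action_used_to_valid_`, which does not match the definition and will not be found by anyone searching for the real name; the line should read `Function : action_used_to_be_valid`. The Parameters entry could also state that the caller passes the action name without its leading `+`/`-`, which is how the only call site in this patch uses it (`option+1`). Since the comparison goes through `strcmpic`, which presumably ignores case, the Returns line could say so too.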
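Review bot: The new `else if` in get_actions() skips the first character of `option` without checking what it is, so any token of the form `<one character>treat-forbidden-connects-like-blocks` is logged as obsolete and ignored instead of falling through to the bad-action-name branch. Action files are configuration input, and a parser that quietly accepts a malformed line hides typos that the strict branch would have reported. Testing the prefix explicitly keeps the leniency limited to the old spelling: `else if ((*option == '+' || *option == '-') && action_used_to_be_valid(option+1))`. This also makes the `2 < strlen(option)` guard unnecessary, because a string that starts with `+` or `-` always has a readable `option[1]`. get_actions() starts and ends outside the hunk, so an earlier prefix check may already exist there.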
@@ -491,17 +491,6 @@ # This allows you to add an arbitrary cookie. Specify it multiple # times in order to add several cookies. # -# +treat-forbidden-connects-like-blocks -# If this action is enabled, Privoxy no longer makes a difference between -# forbidden connects and ordinary blocks. -# -# By default Privoxy answers forbidden "Connect" requests with a short -# error message inside the headers. If the browser doesn't display headers -# (most don't), you just see an empty page. With this action enabled, -# Privoxy displays the message that is used for ordinary blocks instead. If -# you decide to make an exception for the page in question, you can do so -# by following the "See why" link. -# ############################################################################# ############################################################################# diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml index 6a07d878..bc82970c 100644 --- a/doc/source/user-manual.sgml +++ b/doc/source/user-manual.sgml @@ -33,7 +33,7 @@ This file belongs into ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/ - $Id: user-manual.sgml,v 2.63 2008/02/22 05:50:37 markm68k Exp $ + $Id: user-manual.sgml,v 2.64 2008/03/01 14:10:28 fabiankeil Exp $ Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/ See LICENSE. @@ -59,7 +59,7 @@ </subscript> </pubdate> -<pubdate>$Id: user-manual.sgml,v 2.63 2008/02/22 05:50:37 markm68k Exp $</pubdate> +<pubdate>$Id: user-manual.sgml,v 2.64 2008/03/01 14:10:28 fabiankeil Exp $</pubdate> <!-- 
@@ -5221,9 +5221,6 @@ new action <application>Privoxy</application> relays HTTPS traffic without seeing the decoded content. Websites can leverage this limitation to circumvent &my-app;'s filters. By specifying an invalid port range you can disable HTTPS entirely. - If you plan to disable SSL by default, consider enabling - <literal><link linkend="treat-forbidden-connects-like-blocks ">treat-forbidden-connects-like-blocks</link></literal> - as well, to be able to quickly create exceptions. </para> </listitem> </varlistentry> 
@@ -6048,81 +6045,6 @@ example.org/instance-that-is-delivered-as-xml-but-is-not </sect3> -<!-- ~~~~~ New section ~~~~~ --> -<sect3 renderas="sect4" id="treat-forbidden-connects-like-blocks"> -<title>treat-forbidden-connects-like-blocks</title> -<!-- -new action ---> -<variablelist> - <varlistentry> - <term>Typical use:</term> - <listitem> - <para>Block forbidden connects with an easy to find error message.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Effect:</term> - <listitem> - <para> - If this action is enabled, <application>Privoxy</application> no longer - makes a difference between forbidden connects and ordinary blocks. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Type:</term> - <!-- Boolean, Parameterized, Multi-value --> - <listitem> - <para>Boolean</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Parameter:</term> - <listitem> - <para>N/A</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Notes:</term> - <listitem> - <para> - By default <application>Privoxy</application> answers - <link linkend="limit-connect">forbidden <quote>Connect</quote> requests</link> - with a short error message inside the headers. If the browser doesn't display - headers (most don't), you just see an empty page. - </para> - <para> - With this action enabled, <application>Privoxy</application> displays - the message that is used for ordinary blocks instead. If you decide - to make an exception for the page in question, you can do so by - following the <quote>See why</quote> link. - </para> - <para> - For <quote>Connect</quote> requests the clients tell - <application>Privoxy</application> which host they are interested - in, but not which document they plan to get later. As a result, the - <quote>Go there anyway</quote> wouldn't work and is therefore suppressed. 
- </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Example usage:</term> - <listitem> - <para> - <screen>+treat-forbidden-connects-like-blocks</screen> - </para> - </listitem> - </varlistentry> -</variablelist> -</sect3> - - <!-- ~~~~~ New section ~~~~~ --> <sect3> <title>Summary</title> @@ -8662,8 +8584,7 @@ In file: user.action <guibutton>[ View ]</guibutton> <guibutton>[ Edit ]</guibut -server-header-filter{xml-to-html} -server-header-filter{html-to-xml} -session-cookies-only - +set-image-blocker {pattern} - -treat-forbidden-connects-like-blocks </screen> + +set-image-blocker {pattern} </screen> </para> <para> @@ -8785,8 +8706,7 @@ In file: user.action <guibutton>[ View ]</guibutton> <guibutton>[ Edit ]</guibut -server-header-filter{xml-to-html} -server-header-filter{html-to-xml} +session-cookies-only - +set-image-blocker{blank} - -treat-forbidden-connects-like-blocks } + +set-image-blocker{blank} } / { +block{Path contains "ads".} +handle-as-image } @@ -8947,6 +8867,9 @@ In file: user.action <guibutton>[ View ]</guibutton> <guibutton>[ Edit ]</guibut USA $Log: user-manual.sgml,v $ + Revision 2.64 2008/03/01 14:10:28 fabiankeil + Use new block syntax. Still needs some polishing. + Revision 2.63 2008/02/22 05:50:37 markm68k fix merge problem diff --git a/jcc.c b/jcc.c index 6138e561..82ab4538 100644 --- a/jcc.c +++ b/jcc.c @@ -1,4 +1,4 @@ -const char jcc_rcs[] = "$Id: jcc.c,v 1.167 2008/02/23 16:57:12 fabiankeil Exp $"; +const char jcc_rcs[] = "$Id: jcc.c,v 1.168 2008/03/02 12:25:25 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/jcc.c,v $ 
@@ -33,6 +33,9 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.167 2008/02/23 16:57:12 fabiankeil Exp $" * * Revisions : * $Log: jcc.c,v $ + * Revision 1.168 2008/03/02 12:25:25 fabiankeil + * Also use shiny new connect_port_is_forbidden() in jcc.c. + * * Revision 1.167 2008/02/23 16:57:12 fabiankeil * Rename url_actions() to get_url_actions() and let it * use the standard parameter ordering. @@ -1143,12 +1146,6 @@ static const char CHEADER[] = "Connection: close\r\n\r\n" "Invalid header received from client.\r\n"; -static const char CFORBIDDEN[] = - "HTTP/1.0 403 Connection not allowable\r\n" - "Proxy-Agent: Privoxy " VERSION "\r\n" - "X-Hint: If you read this message interactively, then you know why this happens ,-)\r\n" - "Connection: close\r\n\r\n"; - static const char FTP_RESPONSE[] = "HTTP/1.0 400 Invalid request received from client\r\n" "Content-Type: text/plain\r\n" 
@@ -2192,45 +2189,17 @@ static void chat(struct client_state *csp) * */ - if (http->ssl) + if (http->ssl && connect_port_is_forbidden(csp)) { - if (connect_port_is_forbidden(csp)) - { - const char *acceptable_connect_ports = - csp->action->string[ACTION_STRING_LIMIT_CONNECT] ? - csp->action->string[ACTION_STRING_LIMIT_CONNECT] : - "443 (implied default)"; - if (csp->action->flags & ACTION_TREAT_FORBIDDEN_CONNECTS_LIKE_BLOCKS) - { - /* - * The response may confuse some clients, - * but makes unblocking easier. - * - * XXX: It seems to work with all major browsers, - * so we should consider returning a body by default someday ... - */ - log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. " - "limit-connect{%s} doesn't allow CONNECT requests to port %d.", - csp->ip_addr_str, acceptable_connect_ports, csp->http->port); - csp->action->flags |= ACTION_BLOCK; - http->ssl = 0; - } - else - { - write_socket(csp->cfd, CFORBIDDEN, strlen(CFORBIDDEN)); - log_error(LOG_LEVEL_INFO, "Request from %s denied. " - "limit-connect{%s} doesn't allow CONNECT requests to port %d.", - csp->ip_addr_str, acceptable_connect_ports, csp->http->port); - assert(NULL != csp->http->ocmd); - log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 403 0", csp->ip_addr_str, csp->http->ocmd); - - list_remove_all(csp->headers); - /* - * XXX: For consistency we might want to log a crunch message here. - */ - return; - } - } + const char *acceptable_connect_ports = + csp->action->string[ACTION_STRING_LIMIT_CONNECT] ? + csp->action->string[ACTION_STRING_LIMIT_CONNECT] : + "443 (implied default)"; + log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. " + "limit-connect{%s} doesn't allow CONNECT requests to port %d.", + csp->ip_addr_str, acceptable_connect_ports, csp->http->port); + csp->action->flags |= ACTION_BLOCK; + http->ssl = 0; } if (http->ssl == 0) diff --git a/project.h b/project.h index a01b5bfa..678f401d 100644 --- a/project.h +++ b/project.h 
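Review bot: The merged branch in chat() sets `ACTION_BLOCK` on `csp->action->flags` without supplying a block reason, while the revision notes on this page say the block action now takes the reason as its argument and shows it on the "blocked" page. Unless the block handler (not part of this diff) copes with a missing reason, a forbidden CONNECT could render the page with an empty or NULL reason; this is worth confirming, and ideally the limit-connect explanation already built for the log message would reach the user as well. The removed branch also wrote a `LOG_LEVEL_CLF` entry with status 403, so check that the block path still produces an access-log line for these requests. The explanatory comment was dropped with the old code; I would keep a short one, e.g. `/* Handle the forbidden CONNECT as an ordinary block: clearing ssl sends the request down the non-CONNECT path so the "blocked" page is returned. */`. chat() begins and ends outside the hunk.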
@@ -1,7 +1,7 @@ #ifndef PROJECT_H_INCLUDED #define PROJECT_H_INCLUDED /** Version string. */ -#define PROJECT_H_VERSION "$Id: project.h,v 1.102 2008/02/03 13:46:14 fabiankeil Exp $" +#define PROJECT_H_VERSION "$Id: project.h,v 1.103 2008/03/01 14:00:45 fabiankeil Exp $" /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/project.h,v $ @@ -37,6 +37,10 @@ * * Revisions : * $Log: project.h,v $ + * Revision 1.103 2008/03/01 14:00:45 fabiankeil + * Let the block action take the reason for the block + * as argument and show it on the "blocked" page. + * * Revision 1.102 2008/02/03 13:46:14 fabiankeil * Add SOCKS5 support. Patch #1862863 by Eric M. Hopper with minor changes. * @@ -1055,10 +1059,8 @@ struct iob #define ACTION_HANDLE_AS_EMPTY_DOCUMENT 0x08000000UL /** Action bitmap: Redirect request. */ #define ACTION_REDIRECT 0x10000000UL -/** Action bitmap: Answer blocked Connects verbosely */ -#define ACTION_TREAT_FORBIDDEN_CONNECTS_LIKE_BLOCKS 0x20000000UL /** Action bitmap: Override the forward settings in the config file */ -#define ACTION_FORWARD_OVERRIDE 0x40000000UL +#define ACTION_FORWARD_OVERRIDE 0x20000000UL /** Action string index: How to deanimate GIFs */ diff --git a/standard.action b/standard.action index a02ff24c..8a45e827 100644 --- a/standard.action +++ b/standard.action @@ -2,7 +2,7 @@ # # File : $Source: /cvsroot/ijbswa/current/standard.action,v $ # -# $Id: standard.action,v 1.21 2007/09/01 11:06:04 fabiankeil Exp $ +# $Id: standard.action,v 1.22 2007/11/07 18:01:10 fabiankeil Exp $ # # Purpose : Provide prefedined sets of actions, see # http://www.privoxy.org/user-manual/actions-file.html @@ -90,6 +90,5 @@ standard.Medium +limit-connect{,} \ +overwrite-last-modified{randomize} \ +set-image-blocker{pattern} \ -+treat-forbidden-connects-like-blocks \ } standard.Advanced diff --git a/templates/edit-actions-for-url b/templates/edit-actions-for-url index 145ad50c..6a255d8e 100644 
--- a/templates/edit-actions-for-url +++ b/templates/edit-actions-for-url @@ -32,6 +32,10 @@ # # Revisions : # $Log: edit-actions-for-url,v $ +# Revision 1.49 2008/03/01 14:00:47 fabiankeil +# Let the block action take the reason for the block +# as argument and show it on the "blocked" page. +# # Revision 1.48 2007/12/11 21:18:55 fabiankeil # Make forward-override accessible through the CGI editor. # @@ -1321,23 +1325,6 @@ function show_send_wafer_opts(tf) <input type="text" name="set_image_blocker_param" id="set_image_blocker_param" size="40" value="@set-image-blocker-param@"></td> </tr> - <tr class="bg1" align="left" valign="top"> - <td class="en1" align="center" valign="middle"><input type="radio" - name="treat_forbidden_connects_like_blocks" value="Y" @treat-forbidden-connects-like-blocks-y@ - ></td> - <td class="dis1" align="center" valign="middle"><input type="radio" - name="treat_forbidden_connects_like_blocks" value="N" @treat-forbidden-connects-like-blocks-n@ - ></td> - <td class="noc1" align="center" valign="middle"><input type="radio" - name="treat_forbidden_connects_like_blocks" value="X" @treat-forbidden-connects-like-blocks-x@ - ></td> - <td class="action"><a href="@user-manual@@actions-help-prefix@TREAT_FORBIDDEN_CONNECTS_LIKE_BLOCKS">treat-forbidden-connects-like-blocks</a></td> - <td> - Answer forbidden Connect requests with the usual block message. - Makes unblocking easier, but the <q>go there anyway</q> link will not work - as expected. - </td> - </tr> </table> <!-- @if-multiple-forms-start --> -- 2.49.0