From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 6 Mar 2008 16:33:47 +0000 (+0000)
Subject: If limit-connect isn't used, don't limit CONNECT requests to port 443.
X-Git-Tag: v_3_0_9~209
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/@default-cgi@/user-manual/static/coding.html?a=commitdiff_plain;h=e807796b088ae171406ada5fcbf0731f61572f8c;p=privoxy.git
If limit-connect isn't used, don't limit CONNECT requests to port 443.
---
diff --git a/ChangeLog b/ChangeLog
index da624222..9f66a97c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@ ChangeLog for Privoxy
- Forbidden CONNECT requests are treated like blocks by default.
The now-pointless treat-forbidden-connects-like-blocks action
has been removed.
+- Not enabling limit-connect now allows CONNECT requests to all ports.
+ In previous versions it would only allow CONNECT requests to port 443.
+ Use +limit-connect{443} if you think you need the old default behaviour.
- Fixed false-positives with the link-by-url filter and URLs that
contain the pattern "/jump/".
- The less-download-windows filter no longer messes
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index bc82970c..46ca739f 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -33,7 +33,7 @@
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 2.64 2008/03/01 14:10:28 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.65 2008/03/04 18:30:40 fabiankeil Exp $
Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
See LICENSE.
@@ -59,7 +59,7 @@
</subscript>
</pubdate>
-<pubdate>$Id: user-manual.sgml,v 2.64 2008/03/01 14:10:28 fabiankeil Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 2.65 2008/03/04 18:30:40 fabiankeil Exp $</pubdate>
<!--
@@ -5205,10 +5205,9 @@ new action
<listitem>
<para>
By default, i.e. if no <literal>limit-connect</literal> action applies,
- <application>Privoxy</application> only allows HTTP CONNECT
- requests to port 443 (the standard, secure HTTPS port). Use
- <literal>limit-connect</literal> if more fine-grained control is desired
- for some or all destinations.
+ <application>Privoxy</application> allows HTTP CONNECT requests to all
+ ports. Use <literal>limit-connect</literal> if fine-grained control
+ is desired for some or all destinations.
</para>
<para>
The CONNECT methods exists in HTTP to allow access to secure websites
@@ -5232,7 +5231,7 @@ new action
<!-- I probably have the wrong font setup, bollocks. -->
<!-- Apparently the emphasis tag uses a proportional font no matter what -->
<para>
- <screen>+limit-connect{443} # This is the default and need not be specified.
+ <screen>+limit-connect{443} # Port 443 is OK.
+limit-connect{80,443} # Ports 80 and 443 are OK.
+limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
+limit-connect{-} # All ports are OK
@@ -8867,6 +8866,10 @@ In file: user.action <guibutton>[ View ]</guibutton> <guibutton>[ Edit ]</guibut
USA
$Log: user-manual.sgml,v $
+ Revision 2.65 2008/03/04 18:30:40 fabiankeil
+ Remove the treat-forbidden-connects-like-blocks action. We now
+ use the "blocked" page for forbidden CONNECT requests by default.
+
Revision 2.64 2008/03/01 14:10:28 fabiankeil
Use new block syntax. Still needs some polishing.
diff --git a/filters.c b/filters.c
index cfa5b777..7a223dcc 100644
--- a/filters.c
+++ b/filters.c
@@ -1,4 +1,4 @@
-const char filters_rcs[] = "$Id: filters.c,v 1.101 2008/02/23 16:57:12 fabiankeil Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.102 2008/03/01 14:00:44 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/filters.c,v $
@@ -40,6 +40,10 @@ const char filters_rcs[] = "$Id: filters.c,v 1.101 2008/02/23 16:57:12 fabiankei
*
* Revisions :
* $Log: filters.c,v $
+ * Revision 1.102 2008/03/01 14:00:44 fabiankeil
+ * Let the block action take the reason for the block
+ * as argument and show it on the "blocked" page.
+ *
* Revision 1.101 2008/02/23 16:57:12 fabiankeil
* Rename url_actions() to get_url_actions() and let it
* use the standard parameter ordering.
@@ -838,9 +842,9 @@ int acl_addr(const char *aspec, struct access_control_addr *aca)
*********************************************************************/
int connect_port_is_forbidden(const struct client_state *csp)
{
- return ((!(csp->action->flags & ACTION_LIMIT_CONNECT) && csp->http->port != 443)
- || (csp->action->flags & ACTION_LIMIT_CONNECT &&
- !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT], csp->http->port)));
+ return ((csp->action->flags & ACTION_LIMIT_CONNECT) &&
+ !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT],
+ csp->http->port));
}
diff --git a/jcc.c b/jcc.c
index 82ab4538..65bfc93a 100644
--- a/jcc.c
+++ b/jcc.c
@@ -1,4 +1,4 @@
-const char jcc_rcs[] = "$Id: jcc.c,v 1.168 2008/03/02 12:25:25 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.169 2008/03/04 18:30:39 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
@@ -33,6 +33,10 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.168 2008/03/02 12:25:25 fabiankeil Exp $"
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.169 2008/03/04 18:30:39 fabiankeil
+ * Remove the treat-forbidden-connects-like-blocks action. We now
+ * use the "blocked" page for forbidden CONNECT requests by default.
+ *
* Revision 1.168 2008/03/02 12:25:25 fabiankeil
* Also use shiny new connect_port_is_forbidden() in jcc.c.
*
@@ -2192,9 +2196,8 @@ static void chat(struct client_state *csp)
if (http->ssl && connect_port_is_forbidden(csp))
{
const char *acceptable_connect_ports =
- csp->action->string[ACTION_STRING_LIMIT_CONNECT] ?
- csp->action->string[ACTION_STRING_LIMIT_CONNECT] :
- "443 (implied default)";
+ csp->action->string[ACTION_STRING_LIMIT_CONNECT];
+ assert(NULL != acceptable_connect_ports);
log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
"limit-connect{%s} doesn't allow CONNECT requests to port %d.",
csp->ip_addr_str, acceptable_connect_ports, csp->http->port);