1 #ifndef FILTERS_H_INCLUDED
2 #define FILTERS_H_INCLUDED
3 #define FILTERS_H_VERSION "$Id: filters.h,v 1.34 2008/03/02 12:25:25 fabiankeil Exp $"
4 /*********************************************************************
6 * File : $Source: /cvsroot/ijbswa/current/filters.h,v $
8 * Purpose : Declares functions to parse/crunch headers and pages.
9 * Functions declared include:
10 * `acl_addr', `add_stats', `block_acl', `block_imageurl',
11 * `block_url', `url_actions', `filter_popups', `forward_url'
12 * `ij_untrusted_url', `intercept_url', `re_process_buffer',
13 * `show_proxy_args', and `trust_url'
15 * Copyright : Written by and Copyright (C) 2001, 2004 the SourceForge
16 * Privoxy team. http://www.privoxy.org/
18 * Based on the Internet Junkbuster originally written
19 * by and Copyright (C) 1997 Anonymous Coders and
20 * Junkbusters Corporation. http://www.junkbusters.com
22 * This program is free software; you can redistribute it
23 * and/or modify it under the terms of the GNU General
24 * Public License as published by the Free Software
25 * Foundation; either version 2 of the License, or (at
26 * your option) any later version.
28 * This program is distributed in the hope that it will
29 * be useful, but WITHOUT ANY WARRANTY; without even the
30 * implied warranty of MERCHANTABILITY or FITNESS FOR A
31 * PARTICULAR PURPOSE. See the GNU General Public
32 * License for more details.
34 * The GNU General Public License should be included with
35 * this file. If not, you can view it at
36 * http://www.gnu.org/copyleft/gpl.html
37 * or write to the Free Software Foundation, Inc., 59
38 * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
42 * Revision 1.34 2008/03/02 12:25:25 fabiankeil
43 * Also use shiny new connect_port_is_forbidden() in jcc.c.
45 * Revision 1.33 2008/02/23 16:57:12 fabiankeil
46 * Rename url_actions() to get_url_actions() and let it
47 * use the standard parameter ordering.
49 * Revision 1.32 2008/02/23 16:33:43 fabiankeil
50 * Let forward_url() use the standard parameter ordering
51 * and mark its second parameter immutable.
53 * Revision 1.31 2007/10/19 16:53:28 fabiankeil
54 * Add helper function to check if any content filters are enabled.
56 * Revision 1.30 2007/09/29 10:21:16 fabiankeil
57 * - Move get_filter_function() from jcc.c to filters.c
58 * so the filter functions can be static.
59 * - Don't bother filtering body-less responses.
61 * Revision 1.29 2007/09/28 16:38:55 fabiankeil
62 * - Execute content filters through execute_content_filter().
63 * - Add prepare_for_filtering() so filter functions don't have to
64 * care about de-chunking and decompression. As a side effect this enables
65 * decompression for gif_deanimate_response() and jpeg_inspect_response().
66 * - Change remove_chunked_transfer_coding()'s return type to jb_err.
67 * Some clowns feel like chunking empty responses in which case
68 * (size == 0) is valid but previously would be interpreted as error.
70 * Revision 1.28 2007/09/02 15:31:20 fabiankeil
71 * Move match_portlist() from filter.c to urlmatch.c.
72 * It's used for url matching, not for filtering.
74 * Revision 1.27 2007/04/30 15:02:18 fabiankeil
75 * Introduce dynamic pcrs jobs that can resolve variables.
77 * Revision 1.26 2007/03/13 11:28:43 fabiankeil
78 * - Fix port handling in acl_addr() and use a temporary acl spec
79 * copy so error messages don't contain a truncated version.
80 * - Log size of iob before and after decompression.
82 * Revision 1.25 2007/01/12 15:36:44 fabiankeil
83 * Mark *csp as immutable for is_untrusted_url()
84 * and is_imageurl(). Closes FR 1237736.
86 * Revision 1.24 2006/12/29 18:30:46 fabiankeil
87 * Fixed gcc43 conversion warnings,
88 * changed sprintf calls to snprintf.
90 * Revision 1.23 2006/11/28 15:19:43 fabiankeil
91 * Implemented +redirect{s@foo@bar@} to generate
92 * a redirect based on a rewritten version of the
95 * Revision 1.22 2006/07/18 14:48:46 david__schmidt
96 * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
97 * with what was really the latest development (the v_3_0_branch branch)
99 * Revision 1.20.2.2 2004/10/03 12:53:32 david__schmidt
100 * Add the ability to check jpeg images for invalid
101 * lengths of comment blocks. Defensive strategy
102 * against the exploit:
103 * Microsoft Security Bulletin MS04-028
104 * Buffer Overrun in JPEG Processing (GDI+) Could
105 * Allow Code Execution (833987)
106 * Enabled with +inspect-jpegs in actions files.
108 * Revision 1.20.2.1 2002/09/25 14:51:51 oes
109 * Added basic support for OPTIONS and TRACE HTTP methods:
110 * New function direct_response which handles OPTIONS and
111 * TRACE requests whose Max-Forwards header field is zero.
113 * Revision 1.20 2002/04/02 14:56:16 oes
114 * Bugfix: is_untrusted_url() and trust_url() now depend on FEATURE_TRUST, not FEATURE_COOKIE_JAR
116 * Revision 1.19 2002/03/26 22:29:54 swa
117 * we have a new homepage!
119 * Revision 1.18 2002/03/25 22:12:45 oes
120 * Added fix for undefined INADDR_NONE on Solaris by Bart Schelstraete
122 * Revision 1.17 2002/03/24 13:25:43 swa
123 * name change related issues
125 * Revision 1.16 2002/01/17 21:01:02 jongfoster
126 * Moving all our URL and URL pattern parsing code to urlmatch.c.
128 * Revision 1.15 2001/10/10 16:44:16 oes
129 * Added match_portlist function
131 * Revision 1.14 2001/10/07 15:41:40 oes
132 * Added prototype for remove_chunked_transfer_coding
134 * Revision 1.13 2001/07/30 22:08:36 jongfoster
135 * Tidying up #defines:
136 * - All feature #defines are now of the form FEATURE_xxx
137 * - Permanently turned off WIN_GUI_EDIT
138 * - Permanently turned on WEBDAV and SPLIT_PROXY_ARGS
140 * Revision 1.12 2001/07/29 19:01:11 jongfoster
141 * Changed _FILENAME_H to FILENAME_H_INCLUDED.
142 * Added forward declarations for needed structures.
144 * Revision 1.11 2001/07/13 14:00:18 oes
145 * - Introduced gif_deanimate_response
146 * - Renamed re_process_buffer to pcrs_filter_response
147 * - Removed all #ifdef PCRS
149 * Revision 1.10 2001/06/29 13:29:01 oes
150 * Cleaned up and updated to reflect the changesin
153 * Revision 1.9 2001/06/07 23:10:53 jongfoster
154 * Replacing struct gateway with struct forward_spec
156 * Revision 1.8 2001/06/03 19:12:00 oes
157 * extracted-CGI relevant stuff
159 * Revision 1.7 2001/05/31 21:21:30 jongfoster
160 * Permissionsfile / actions file changes:
161 * - Changed "permission" to "action" throughout
162 * - changes to file format to allow string parameters
163 * - Moved helper functions to actions.c
165 * Revision 1.6 2001/05/29 09:50:24 jongfoster
166 * Unified blocklist/imagelist/permissionslist.
167 * File format is still under discussion, but the internal changes
170 * Also modified interceptor behaviour:
171 * - We now intercept all URLs beginning with one of the following
172 * prefixes (and *only* these prefixes):
174 * * http://ijbswa.sf.net/config/
175 * * http://ijbswa.sourceforge.net/config/
176 * - New interceptors "home page" - go to http://i.j.b/ to see it.
177 * - Internal changes so that intercepted and fast redirect pages
178 * are not replaced with an image.
179 * - Interceptors now have the option to send a binary page direct
180 * to the client. (i.e. ijb-send-banner uses this)
181 * - Implemented show-url-info interceptor. (Which is why I needed
182 * the above interceptors changes - a typical URL is
183 * "http://i.j.b/show-url-info?url=www.somesite.com/banner.gif".
184 * The previous mechanism would not have intercepted that, and
185 * if it had been intercepted then it then it would have replaced
188 * Revision 1.5 2001/05/27 22:17:04 oes
190 * - re_process_buffer no longer writes the modified buffer
191 * to the client, which was very ugly. It now returns the
192 * buffer, which it is then written by chat.
194 * - content_length now adjusts the Content-Length: header
195 * for modified documents rather than crunch()ing it.
196 * (Length info in csp->content_length, which is 0 for
197 * unmodified documents)
199 * - For this to work, sed() is called twice when filtering.
201 * Revision 1.4 2001/05/26 15:26:15 jongfoster
202 * ACL feature now provides more security by immediately dropping
203 * connections from untrusted hosts.
205 * Revision 1.3 2001/05/22 18:46:04 oes
207 * - Enabled filtering banners by size rather than URL
208 * by adding patterns that replace all standard banner
209 * sizes with the "Junkbuster" gif to the re_filterfile
211 * - Enabled filtering WebBugs by providing a pattern
212 * which kills all 1x1 images
214 * - Added support for PCRE_UNGREEDY behaviour to pcrs,
215 * which is selected by the (nonstandard and therefore
216 * capital) letter 'U' in the option string.
217 * It causes the quantifiers to be ungreedy by default.
218 * Appending a ? turns back to greedy (!).
220 * - Added a new interceptor ijb-send-banner, which
221 * sends back the "Junkbuster" gif. Without imagelist or
222 * MSIE detection support, or if tinygif = 1, or the
223 * URL isn't recognized as an imageurl, a lame HTML
224 * explanation is sent instead.
226 * - Added new feature, which permits blocking remote
227 * script redirects and firing back a local redirect
229 * The feature is conditionally compiled, i.e. it
230 * can be disabled with --disable-fast-redirects,
231 * plus it must be activated by a "fast-redirects"
232 * line in the config file, has its own log level
233 * and of course wants to be displayed by show-proxy-args
234 * Note: Boy, all the #ifdefs in 1001 locations and
235 * all the fumbling with configure.in and acconfig.h
236 * were *way* more work than the feature itself :-(
238 * - Because a generic redirect template was needed for
239 * this, tinygif = 3 now uses the same.
241 * - Moved GIFs, and other static HTTP response templates
246 * - Removed some >400 CRs again (Jon, you really worked
249 * Revision 1.2 2001/05/20 01:21:20 jongfoster
250 * Version 2.9.4 checkin.
251 * - Merged popupfile and cookiefile, and added control over PCRS
252 * filtering, in new "permissionsfile".
253 * - Implemented LOG_LEVEL_FATAL, so that if there is a configuration
254 * file error you now get a message box (in the Win32 GUI) rather
255 * than the program exiting with no explanation.
256 * - Made killpopup use the PCRS MIME-type checking and HTTP-header
258 * - Removed tabs from "config"
259 * - Moved duplicated url parsing code in "loaders.c" to a new funcition.
260 * - Bumped up version number.
262 * Revision 1.1.1.1 2001/05/15 13:58:52 oes
263 * Initial import of version 2.9.3 source tree
266 *********************************************************************/
276 struct access_control_addr;
279 struct http_response;
280 struct current_action_spec;
289 extern int block_acl(struct access_control_addr *dst, struct client_state *csp);
290 extern int acl_addr(const char *aspec, struct access_control_addr *aca);
291 #endif /* def FEATURE_ACL */
296 extern struct http_response *block_url(struct client_state *csp);
297 extern struct http_response *redirect_url(struct client_state *csp);
299 extern struct http_response *trust_url(struct client_state *csp);
300 #endif /* def FEATURE_TRUST */
306 extern int is_untrusted_url(const struct client_state *csp);
307 #endif /* def FEATURE_TRUST */
308 #ifdef FEATURE_IMAGE_BLOCKING
309 extern int is_imageurl(const struct client_state *csp);
310 #endif /* def FEATURE_IMAGE_BLOCKING */
311 extern int connect_port_is_forbidden(const struct client_state *csp);
314 * Determining applicable actions
316 extern void get_url_actions(struct client_state *csp,
317 struct http_request *http);
318 extern void apply_url_actions(struct current_action_spec *action,
319 struct http_request *http,
320 struct url_actions *b);
322 * Determining parent proxies
324 extern const struct forward_spec *forward_url(struct client_state *csp,
325 const struct http_request *http);
328 * Content modification
331 typedef char *(*filter_function_ptr)();
332 extern char *execute_content_filter(struct client_state *csp, filter_function_ptr content_filter);
334 extern filter_function_ptr get_filter_function(struct client_state *csp);
335 extern char *execute_single_pcrs_command(char *subject, const char *pcrs_command, int *hits);
336 extern char *rewrite_url(char *old_url, const char *pcrs_command);
337 extern char *get_last_url(char *subject, const char *redirect_mode);
339 extern pcrs_job *compile_dynamic_pcrs_job_list(const struct client_state *csp, const struct re_filterfile_spec *b);
341 extern int content_filters_enabled(const struct current_action_spec *action);
344 * Handling Max-Forwards:
346 extern struct http_response *direct_response(struct client_state *csp);
353 #define INADDR_NONE -1
357 * Revision control strings from this header and associated .c file
359 extern const char filters_rcs[];
360 extern const char filters_h_rcs[];
366 #endif /* ndef FILTERS_H_INCLUDED */