#ifndef _FILTERS_H
#define _FILTERS_H
-#define FILTERS_H_VERSION "$Id: filters.h,v 1.2 2001/05/20 01:21:20 jongfoster Exp $"
+#define FILTERS_H_VERSION "$Id: filters.h,v 1.9 2001/06/07 23:10:53 jongfoster Exp $"
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/filters.h,v $
* Purpose : Declares functions to parse/crunch headers and pages.
* Functions declared include:
* `acl_addr', `add_stats', `block_acl', `block_imageurl',
- * `block_url', `url_permissions', `domaincmp', `dsplit',
+ * `block_url', `url_actions', `domaincmp', `dsplit',
* `filter_popups', `forward_url'
* `ij_untrusted_url', `intercept_url', `re_process_buffer',
* `show_proxy_args', and `trust_url'
*
* Revisions :
* $Log: filters.h,v $
+ * Revision 1.9 2001/06/07 23:10:53 jongfoster
+ * Replacing struct gateway with struct forward_spec
+ *
+ * Revision 1.8 2001/06/03 19:12:00 oes
+ * extracted-CGI relevant stuff
+ *
+ * Revision 1.7 2001/05/31 21:21:30 jongfoster
+ * Permissionsfile / actions file changes:
+ * - Changed "permission" to "action" throughout
+ * - changes to file format to allow string parameters
+ * - Moved helper functions to actions.c
+ *
+ * Revision 1.6 2001/05/29 09:50:24 jongfoster
+ * Unified blocklist/imagelist/permissionslist.
+ * File format is still under discussion, but the internal changes
+ * are (mostly) done.
+ *
+ * Also modified interceptor behaviour:
+ * - We now intercept all URLs beginning with one of the following
+ * prefixes (and *only* these prefixes):
+ * * http://i.j.b/
+ * * http://ijbswa.sf.net/config/
+ * * http://ijbswa.sourceforge.net/config/
+ * - New interceptors "home page" - go to http://i.j.b/ to see it.
+ * - Internal changes so that intercepted and fast redirect pages
+ * are not replaced with an image.
+ * - Interceptors now have the option to send a binary page direct
+ * to the client. (i.e. ijb-send-banner uses this)
+ * - Implemented show-url-info interceptor. (Which is why I needed
+ * the above interceptors changes - a typical URL is
+ * "http://i.j.b/show-url-info?url=www.somesite.com/banner.gif".
+ * The previous mechanism would not have intercepted that, and
+ * if it had been intercepted then it then it would have replaced
+ * it with an image.)
+ *
+ * Revision 1.5 2001/05/27 22:17:04 oes
+ *
+ * - re_process_buffer no longer writes the modified buffer
+ * to the client, which was very ugly. It now returns the
+ * buffer, which it is then written by chat.
+ *
+ * - content_length now adjusts the Content-Length: header
+ * for modified documents rather than crunch()ing it.
+ * (Length info in csp->content_length, which is 0 for
+ * unmodified documents)
+ *
+ * - For this to work, sed() is called twice when filtering.
+ *
+ * Revision 1.4 2001/05/26 15:26:15 jongfoster
+ * ACL feature now provides more security by immediately dropping
+ * connections from untrusted hosts.
+ *
+ * Revision 1.3 2001/05/22 18:46:04 oes
+ *
+ * - Enabled filtering banners by size rather than URL
+ * by adding patterns that replace all standard banner
+ * sizes with the "Junkbuster" gif to the re_filterfile
+ *
+ * - Enabled filtering WebBugs by providing a pattern
+ * which kills all 1x1 images
+ *
+ * - Added support for PCRE_UNGREEDY behaviour to pcrs,
+ * which is selected by the (nonstandard and therefore
+ * capital) letter 'U' in the option string.
+ * It causes the quantifiers to be ungreedy by default.
+ * Appending a ? turns back to greedy (!).
+ *
+ * - Added a new interceptor ijb-send-banner, which
+ * sends back the "Junkbuster" gif. Without imagelist or
+ * MSIE detection support, or if tinygif = 1, or the
+ * URL isn't recognized as an imageurl, a lame HTML
+ * explanation is sent instead.
+ *
+ * - Added new feature, which permits blocking remote
+ * script redirects and firing back a local redirect
+ * to the browser.
+ * The feature is conditionally compiled, i.e. it
+ * can be disabled with --disable-fast-redirects,
+ * plus it must be activated by a "fast-redirects"
+ * line in the config file, has its own log level
+ * and of course wants to be displayed by show-proxy-args
+ * Note: Boy, all the #ifdefs in 1001 locations and
+ * all the fumbling with configure.in and acconfig.h
+ * were *way* more work than the feature itself :-(
+ *
+ * - Because a generic redirect template was needed for
+ * this, tinygif = 3 now uses the same.
+ *
+ * - Moved GIFs, and other static HTTP response templates
+ * to project.h
+ *
+ * - Some minor fixes
+ *
+ * - Removed some >400 CRs again (Jon, you really worked
+ * a lot! ;-)
+ *
* Revision 1.2 2001/05/20 01:21:20 jongfoster
* Version 2.9.4 checkin.
* - Merged popupfile and cookiefile, and added control over PCRS
extern "C" {
#endif
+/*
+ * ACL checking
+ */
#ifdef ACL_FILES
-extern int block_acl(struct access_control_addr *src, struct access_control_addr *dst, struct client_state *csp);
+extern int block_acl(struct access_control_addr *dst, struct client_state *csp);
extern int acl_addr(char *aspec, struct access_control_addr *aca);
#endif /* def ACL_FILES */
-extern char *block_url(struct http_request *http, struct client_state *csp);
+/*
+ * Interceptors
+ */
+extern struct http_response *block_url(struct client_state *csp);
+extern struct http_response *redirect_url(struct client_state *csp);
#ifdef TRUST_FILES
-extern char *trust_url(struct http_request *http, struct client_state *csp);
+extern struct http_response *trust_url(struct client_state *csp);
#endif /* def TRUST_FILES */
-extern char *intercept_url(struct http_request *http, struct client_state *csp);
-extern char *redirect_url(struct http_request *http, struct client_state *csp);
-#if defined(DETECT_MSIE_IMAGES) || defined(USE_IMAGE_LIST)
-extern int block_imageurl(struct http_request *http, struct client_state *csp);
-#endif /* defined(DETECT_MSIE_IMAGES) || defined(USE_IMAGE_LIST) */
-
-#ifdef USE_IMAGE_LIST
-extern int block_imageurl_using_imagelist(struct http_request *http, struct client_state *csp);
-#endif /* def USE_IMAGE_LIST */
+/*
+ * Request inspectors
+ */
+#ifdef TRUST_FILES
+extern int is_untrusted_url(struct client_state *csp);
+#endif /* def TRUST_FILES */
+#ifdef IMAGE_BLOCKING
+extern int is_imageurl(struct client_state *csp);
+#endif /* def IMAGE_BLOCKING */
-extern int url_permissions(struct http_request *http, struct client_state *csp);
-extern const struct gateway *forward_url(struct http_request *http, struct client_state *csp);
+/*
+ * Determining applicable actions
+ */
+extern void url_actions(struct http_request *http,
+ struct client_state *csp);
+extern void apply_url_actions(struct current_action_spec *action,
+ struct http_request *http,
+ struct url_actions *b);
+/*
+ * Determining parent proxies
+ */
+extern const struct forward_spec *forward_url(struct http_request *http, struct client_state *csp);
extern struct url_spec dsplit(char *domain);
extern int domaincmp(struct url_spec *pattern, struct url_spec *fqdn);
-extern char *show_proxy_args(struct http_request *http, struct client_state *csp);
-extern char *ijb_send_banner(struct http_request *http, struct client_state *csp);
-
-#ifdef TRUST_FILES
-extern char *ij_untrusted_url(struct http_request *http, struct client_state *csp);
-#endif /* def TRUST_FILES */
-
-#ifdef STATISTICS
-extern char *add_stats(char *s);
-#endif /* def STATISTICS */
-
+/*
+ * Content modification
+ */
#ifdef PCRS
-extern void re_process_buffer(struct client_state *csp);
+extern char *re_process_buffer(struct client_state *csp);
#endif /* def PCRS */
/* Revision control strings from this header and associated .c file */