-const char jcc_rcs[] = "$Id: jcc.c,v 1.165 2008/02/02 19:36:56 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.170 2008/03/06 16:33:46 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
* Purpose : Main file. Contains main() method, main loop, and
* the main connection-handling function.
*
- * Copyright : Written by and Copyright (C) 2001-2007 the SourceForge
+ * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge
* Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.170 2008/03/06 16:33:46 fabiankeil
+ * If limit-connect isn't used, don't limit CONNECT requests to port 443.
+ *
+ * Revision 1.169 2008/03/04 18:30:39 fabiankeil
+ * Remove the treat-forbidden-connects-like-blocks action. We now
+ * use the "blocked" page for forbidden CONNECT requests by default.
+ *
+ * Revision 1.168 2008/03/02 12:25:25 fabiankeil
+ * Also use shiny new connect_port_is_forbidden() in jcc.c.
+ *
+ * Revision 1.167 2008/02/23 16:57:12 fabiankeil
+ * Rename url_actions() to get_url_actions() and let it
+ * use the standard parameter ordering.
+ *
+ * Revision 1.166 2008/02/23 16:33:43 fabiankeil
+ * Let forward_url() use the standard parameter ordering
+ * and mark its second parameter immutable.
+ *
* Revision 1.165 2008/02/02 19:36:56 fabiankeil
* Remove the "Listening ... for local connections only" log message.
* Whether or not remote connections are able to reach Privoxy is up
#include "filters.h"
#include "loaders.h"
#include "parsers.h"
-#include "killpopup.h"
#include "miscutil.h"
#include "errlog.h"
#include "jbsockets.h"
"Connection: close\r\n\r\n"
"Invalid header received from client.\r\n";
-static const char CFORBIDDEN[] =
- "HTTP/1.0 403 Connection not allowable\r\n"
- "Proxy-Agent: Privoxy " VERSION "\r\n"
- "X-Hint: If you read this message interactively, then you know why this happens ,-)\r\n"
- "Connection: close\r\n\r\n";
-
static const char FTP_RESPONSE[] =
"HTTP/1.0 400 Invalid request received from client\r\n"
"Content-Type: text/plain\r\n"
struct http_request *http;
int len; /* for buffer sizes (and negative error codes) */
jb_err err;
-#ifdef FEATURE_KILL_POPUPS
- int block_popups_now = 0; /* bool, 1==currently blocking popups */
-#endif /* def FEATURE_KILL_POPUPS */
/* Function that does the content filtering for the current request */
filter_function_ptr content_filter = NULL;
else
#endif /* ndef FEATURE_TOGGLE */
{
- url_actions(http, csp);
+ get_url_actions(csp, http);
}
/*
*
*/
- /*
- * Check if a CONNECT request is allowable:
- * In the absence of a +limit-connect action, allow only port 443.
- * If there is an action, allow whatever matches the specificaton.
- */
- if(http->ssl)
+ if (http->ssl && connect_port_is_forbidden(csp))
{
- if( ( !(csp->action->flags & ACTION_LIMIT_CONNECT) && csp->http->port != 443)
- || (csp->action->flags & ACTION_LIMIT_CONNECT
- && !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT], csp->http->port)) )
- {
- const char *acceptable_connect_ports =
- csp->action->string[ACTION_STRING_LIMIT_CONNECT] ?
- csp->action->string[ACTION_STRING_LIMIT_CONNECT] :
- "443 (implied default)";
- if (csp->action->flags & ACTION_TREAT_FORBIDDEN_CONNECTS_LIKE_BLOCKS)
- {
- /*
- * The response may confuse some clients,
- * but makes unblocking easier.
- *
- * XXX: It seems to work with all major browsers,
- * so we should consider returning a body by default someday ...
- */
- log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
- "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
- csp->ip_addr_str, acceptable_connect_ports, csp->http->port);
- csp->action->flags |= ACTION_BLOCK;
- http->ssl = 0;
- }
- else
- {
- write_socket(csp->cfd, CFORBIDDEN, strlen(CFORBIDDEN));
- log_error(LOG_LEVEL_INFO, "Request from %s denied. "
- "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
- csp->ip_addr_str, acceptable_connect_ports, csp->http->port);
- assert(NULL != csp->http->ocmd);
- log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 403 0", csp->ip_addr_str, csp->http->ocmd);
-
- list_remove_all(csp->headers);
- /*
- * XXX: For consistency we might want to log a crunch message here.
- */
- return;
- }
- }
+ const char *acceptable_connect_ports =
+ csp->action->string[ACTION_STRING_LIMIT_CONNECT];
+ assert(NULL != acceptable_connect_ports);
+ log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
+ "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
+ csp->ip_addr_str, acceptable_connect_ports, csp->http->port);
+ csp->action->flags |= ACTION_BLOCK;
+ http->ssl = 0;
}
if (http->ssl == 0)
*/
buf[len] = '\0';
-#ifdef FEATURE_KILL_POPUPS
- /* Filter the popups on this read. */
- if (block_popups_now)
- {
- filter_popups(buf, csp);
- }
-#endif /* def FEATURE_KILL_POPUPS */
-
/* Normally, this would indicate that we've read
* as much as the server has sent us and we can
* close the client connection. However, Microsoft
if (!http->ssl) /* We talk plaintext */
{
-
-#ifdef FEATURE_KILL_POPUPS
- /* Start blocking popups if appropriate. */
- if ((csp->content_type & CT_TEXT) && /* It's a text / * MIME-Type */
- (csp->action->flags & ACTION_NO_POPUPS) != 0) /* Policy allows */
- {
- block_popups_now = 1;
- /*
- * Filter the part of the body that came in the same read
- * as the last headers:
- */
- filter_popups(csp->iob->cur, csp);
- }
-#endif /* def FEATURE_KILL_POPUPS */
content_filter = get_filter_function(csp);
}
/*
projects / privoxy.git / blobdiff