+/****************************************************************************
+ * deny-access source-ip[/significant-bits] [dest-ip[/significant-bits]]
+ ****************************************************************************/
+#ifdef FEATURE_ACL
+ case hash_deny_access:
+ vec_count = ssplit(arg, " \t", vec, SZ(vec), 1, 1);
+
+ if ((vec_count != 1) && (vec_count != 2))
+ {
+ log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
+ "deny-access directive in configuration file.");
+ config->proxy_args = strsav( config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for "
+ "deny-access directive in configuration file.<br><br>\n");
+ continue;
+ }
+
+ /* allocate a new node */
+ cur_acl = (struct access_control_list *) zalloc(sizeof(*cur_acl));
+
+ if (cur_acl == NULL)
+ {
+ log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration");
+ /* Never get here - LOG_LEVEL_FATAL causes program exit */
+ continue;
+ }
+ cur_acl->action = ACL_DENY;
+
+ if (acl_addr(vec[0], cur_acl->src) < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "Invalid source IP for deny-access "
+ "directive in configuration file: \"%s\"", vec[0]);
+ config->proxy_args = strsav( config->proxy_args,
+ "<br>\nWARNING: Invalid source IP for deny-access directive"
+ " in configuration file: \"");
+ config->proxy_args = strsav( config->proxy_args,
+ vec[0]);
+ config->proxy_args = strsav( config->proxy_args,
+ "\"<br><br>\n");
+ freez(cur_acl);
+ continue;
+ }
+ if (vec_count == 2)
+ {
+ if (acl_addr(vec[1], cur_acl->dst) < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "Invalid destination IP for deny-access "
+ "directive in configuration file: \"%s\"", vec[0]);
+ config->proxy_args = strsav( config->proxy_args,
+ "<br>\nWARNING: Invalid destination IP for deny-access directive"
+ " in configuration file: \"");
+ config->proxy_args = strsav( config->proxy_args,
+ vec[0]);
+ config->proxy_args = strsav( config->proxy_args,
+ "\"<br><br>\n");
+ freez(cur_acl);
+ continue;
+ }
+ }
+
+ /*
+ * Add it to the list. Note we reverse the list to get the
+ * behaviour the user expects. With both the ACL and
+ * actions file, the last match wins. However, the internal
+ * implementations are different: The actions file is stored
+ * in the same order as the file, and scanned completely.
+ * With the ACL, we reverse the order as we load it, then
+ * when we scan it we stop as soon as we get a match.
+ */
+ cur_acl->next = config->acl;
+ config->acl = cur_acl;
+
+ continue;
+#endif /* def FEATURE_ACL */
+
+/****************************************************************************
+ * forward url-pattern (.|http-proxy-host[:port])
+ ****************************************************************************/
+ case hash_forward:
+ vec_count = ssplit(arg, " \t", vec, SZ(vec), 1, 1);
+
+ if (vec_count != 2)
+ {
+ log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for forward "
+ "directive in configuration file.");
+ config->proxy_args = strsav( config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for "
+ "forward directive in configuration file.");
+ continue;
+ }
+
+ /* allocate a new node */
+ cur_fwd = zalloc(sizeof(*cur_fwd));
+ if (cur_fwd == NULL)
+ {
+ log_error(LOG_LEVEL_FATAL, "can't allocate memory for configuration");
+ /* Never get here - LOG_LEVEL_FATAL causes program exit */
+ continue;
+ }
+
+ cur_fwd->type = SOCKS_NONE;
+
+ /* Save the URL pattern */
+ if (create_url_spec(cur_fwd->url, vec[0]))
+ {
+ log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward "
+ "directive in configuration file.");
+ config->proxy_args = strsav( config->proxy_args,
+ "<br>\nWARNING: Bad URL specifier for "
+ "forward directive in configuration file.");
+ continue;
+ }
+
+ /* Parse the parent HTTP proxy host:port */
+ p = vec[1];
+
+ if (strcmp(p, ".") != 0)