X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=jcc.c;h=65bfc93a61c835882a8cdf9b886923f05ba9e037;hp=0e5f9f7ea14928f7831034c997ee29816aefa5a7;hb=92cc45c930b9f4f6e19286abf07a209b4443acc3;hpb=ced7af21836d0e49074b20daa55bc0e7af49d7ed diff --git a/jcc.c b/jcc.c index 0e5f9f7e..65bfc93a 100644 --- a/jcc.c +++ b/jcc.c @@ -1,4 +1,4 @@ -const char jcc_rcs[] = "$Id: jcc.c,v 1.166 2008/02/23 16:33:43 fabiankeil Exp $"; +const char jcc_rcs[] = "$Id: jcc.c,v 1.169 2008/03/04 18:30:39 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/jcc.c,v $ @@ -33,6 +33,17 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.166 2008/02/23 16:33:43 fabiankeil Exp $" * * Revisions : * $Log: jcc.c,v $ + * Revision 1.169 2008/03/04 18:30:39 fabiankeil + * Remove the treat-forbidden-connects-like-blocks action. We now + * use the "blocked" page for forbidden CONNECT requests by default. + * + * Revision 1.168 2008/03/02 12:25:25 fabiankeil + * Also use shiny new connect_port_is_forbidden() in jcc.c. + * + * Revision 1.167 2008/02/23 16:57:12 fabiankeil + * Rename url_actions() to get_url_actions() and let it + * use the standard parameter ordering. + * * Revision 1.166 2008/02/23 16:33:43 fabiankeil * Let forward_url() use the standard parameter ordering * and mark its second parameter immutable. @@ -1139,12 +1150,6 @@ static const char CHEADER[] = "Connection: close\r\n\r\n" "Invalid header received from client.\r\n"; -static const char CFORBIDDEN[] = - "HTTP/1.0 403 Connection not allowable\r\n" - "Proxy-Agent: Privoxy " VERSION "\r\n" - "X-Hint: If you read this message interactively, then you know why this happens ,-)\r\n" - "Connection: close\r\n\r\n"; - static const char FTP_RESPONSE[] = "HTTP/1.0 400 Invalid request received from client\r\n" "Content-Type: text/plain\r\n" @@ -2188,52 +2193,16 @@ static void chat(struct client_state *csp) * */ - /* - * Check if a CONNECT request is allowable: - * In the absence of a +limit-connect action, allow only port 443. - * If there is an action, allow whatever matches the specificaton. - */ - if(http->ssl) + if (http->ssl && connect_port_is_forbidden(csp)) { - if( ( !(csp->action->flags & ACTION_LIMIT_CONNECT) && csp->http->port != 443) - || (csp->action->flags & ACTION_LIMIT_CONNECT - && !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT], csp->http->port)) ) - { - const char *acceptable_connect_ports = - csp->action->string[ACTION_STRING_LIMIT_CONNECT] ? - csp->action->string[ACTION_STRING_LIMIT_CONNECT] : - "443 (implied default)"; - if (csp->action->flags & ACTION_TREAT_FORBIDDEN_CONNECTS_LIKE_BLOCKS) - { - /* - * The response may confuse some clients, - * but makes unblocking easier. - * - * XXX: It seems to work with all major browsers, - * so we should consider returning a body by default someday ... - */ - log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. " - "limit-connect{%s} doesn't allow CONNECT requests to port %d.", - csp->ip_addr_str, acceptable_connect_ports, csp->http->port); - csp->action->flags |= ACTION_BLOCK; - http->ssl = 0; - } - else - { - write_socket(csp->cfd, CFORBIDDEN, strlen(CFORBIDDEN)); - log_error(LOG_LEVEL_INFO, "Request from %s denied. " - "limit-connect{%s} doesn't allow CONNECT requests to port %d.", - csp->ip_addr_str, acceptable_connect_ports, csp->http->port); - assert(NULL != csp->http->ocmd); - log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 403 0", csp->ip_addr_str, csp->http->ocmd); - - list_remove_all(csp->headers); - /* - * XXX: For consistency we might want to log a crunch message here. - */ - return; - } - } + const char *acceptable_connect_ports = + csp->action->string[ACTION_STRING_LIMIT_CONNECT]; + assert(NULL != acceptable_connect_ports); + log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. " + "limit-connect{%s} doesn't allow CONNECT requests to port %d.", + csp->ip_addr_str, acceptable_connect_ports, csp->http->port); + csp->action->flags |= ACTION_BLOCK; + http->ssl = 0; } if (http->ssl == 0)