If limit-connect isn't used, don't limit CONNECT requests to port 443.

diff --git a/ChangeLog b/ChangeLog
index da62422..9f66a97 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@ ChangeLog for Privoxy
 - Forbidden CONNECT requests are treated like blocks by default.
   The now-pointless treat-forbidden-connects-like-blocks action
   has been removed.
 - Forbidden CONNECT requests are treated like blocks by default.
   The now-pointless treat-forbidden-connects-like-blocks action
   has been removed.

+- Not enabling limit-connect now allows CONNECT requests to all ports.
+  In previous versions it would only allow CONNECT requests to port 443.
+  Use +limit-connect{443} if you think you need the old default behaviour.

 - Fixed false-positives with the link-by-url filter and URLs that
   contain the pattern "/jump/".
 - The less-download-windows filter no longer messes
 - Fixed false-positives with the link-by-url filter and URLs that
   contain the pattern "/jump/".
 - The less-download-windows filter no longer messes

diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index bc82970..46ca739 100644 (file)
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -33,7 +33,7 @@
                 This file belongs into
                 ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
 
                 This file belongs into
                 ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
 

- $Id: user-manual.sgml,v 2.64 2008/03/01 14:10:28 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.65 2008/03/04 18:30:40 fabiankeil Exp $

 
  Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
  See LICENSE.
 
  Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
  See LICENSE.


@@ -59,7 +59,7 @@
  </subscript>
 </pubdate>
 
  </subscript>
 </pubdate>
 

-<pubdate>$Id: user-manual.sgml,v 2.64 2008/03/01 14:10:28 fabiankeil Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 2.65 2008/03/04 18:30:40 fabiankeil Exp $</pubdate>

 
 <!--
 
 
 <!--
 


@@ -5205,10 +5205,9 @@ new action
   <listitem>
    <para>
     By default, i.e. if no <literal>limit-connect</literal> action applies,
   <listitem>
    <para>
     By default, i.e. if no <literal>limit-connect</literal> action applies,

-    <application>Privoxy</application> only allows HTTP CONNECT
-    requests to port 443 (the standard, secure HTTPS port). Use 
-    <literal>limit-connect</literal> if more fine-grained control is desired
-    for some or all destinations.
+    <application>Privoxy</application> allows HTTP CONNECT requests to all
+    ports. Use <literal>limit-connect</literal> if fine-grained control
+    is desired for some or all destinations.

    </para>
    <para>
     The CONNECT methods exists in HTTP to allow access to secure websites
    </para>
    <para>
     The CONNECT methods exists in HTTP to allow access to secure websites


@@ -5232,7 +5231,7 @@ new action
    <!-- I probably have the wrong font setup, bollocks. -->
    <!-- Apparently the emphasis tag uses a proportional font no matter what -->
     <para>
    <!-- I probably have the wrong font setup, bollocks. -->
    <!-- Apparently the emphasis tag uses a proportional font no matter what -->
     <para>

-     <screen>+limit-connect{443}                   # This is the default and need not be specified.
+     <screen>+limit-connect{443}                   # Port 443 is OK.

 +limit-connect{80,443}                # Ports 80 and 443 are OK.
 +limit-connect{-3, 7, 20-100, 500-}   # Ports less than 3, 7, 20 to 100 and above 500 are OK.
 +limit-connect{-}                     # All ports are OK
 +limit-connect{80,443}                # Ports 80 and 443 are OK.
 +limit-connect{-3, 7, 20-100, 500-}   # Ports less than 3, 7, 20 to 100 and above 500 are OK.
 +limit-connect{-}                     # All ports are OK


@@ -8867,6 +8866,10 @@ In file: user.action <guibutton>[ View ]</guibutton> <guibutton>[ Edit ]</guibut
  USA
 
  $Log: user-manual.sgml,v $
  USA
 
  $Log: user-manual.sgml,v $

+ Revision 2.65  2008/03/04 18:30:40  fabiankeil
+ Remove the treat-forbidden-connects-like-blocks action. We now
+ use the "blocked" page for forbidden CONNECT requests by default.
+

  Revision 2.64  2008/03/01 14:10:28  fabiankeil
  Use new block syntax. Still needs some polishing.
 
  Revision 2.64  2008/03/01 14:10:28  fabiankeil
  Use new block syntax. Still needs some polishing.
 

diff --git a/filters.c b/filters.c
index cfa5b77..7a223dc 100644 (file)
--- a/filters.c
+++ b/filters.c
@@ -1,4 +1,4 @@
-const char filters_rcs[] = "$Id: filters.c,v 1.101 2008/02/23 16:57:12 fabiankeil Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.102 2008/03/01 14:00:44 fabiankeil Exp $";

 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/filters.c,v $
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/filters.c,v $


@@ -40,6 +40,10 @@ const char filters_rcs[] = "$Id: filters.c,v 1.101 2008/02/23 16:57:12 fabiankei
  *
  * Revisions   :
  *    $Log: filters.c,v $
  *
  * Revisions   :
  *    $Log: filters.c,v $

+ *    Revision 1.102  2008/03/01 14:00:44  fabiankeil
+ *    Let the block action take the reason for the block
+ *    as argument and show it on the "blocked" page.
+ *

  *    Revision 1.101  2008/02/23 16:57:12  fabiankeil
  *    Rename url_actions() to get_url_actions() and let it
  *    use the standard parameter ordering.
  *    Revision 1.101  2008/02/23 16:57:12  fabiankeil
  *    Rename url_actions() to get_url_actions() and let it
  *    use the standard parameter ordering.


@@ -838,9 +842,9 @@ int acl_addr(const char *aspec, struct access_control_addr *aca)
  *********************************************************************/
 int connect_port_is_forbidden(const struct client_state *csp)
 {
  *********************************************************************/
 int connect_port_is_forbidden(const struct client_state *csp)
 {

-   return ((!(csp->action->flags & ACTION_LIMIT_CONNECT) && csp->http->port != 443)
-      || (csp->action->flags & ACTION_LIMIT_CONNECT &&
-          !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT], csp->http->port)));
+   return ((csp->action->flags & ACTION_LIMIT_CONNECT) &&
+     !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT],
+        csp->http->port));

 }
 
 
 }
 
 

diff --git a/jcc.c b/jcc.c
index 82ab453..65bfc93 100644 (file)
--- a/jcc.c
+++ b/jcc.c
@@ -1,4 +1,4 @@
-const char jcc_rcs[] = "$Id: jcc.c,v 1.168 2008/03/02 12:25:25 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.169 2008/03/04 18:30:39 fabiankeil Exp $";

 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/jcc.c,v $
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/jcc.c,v $


@@ -33,6 +33,10 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.168 2008/03/02 12:25:25 fabiankeil Exp $"
  *
  * Revisions   :
  *    $Log: jcc.c,v $
  *
  * Revisions   :
  *    $Log: jcc.c,v $

+ *    Revision 1.169  2008/03/04 18:30:39  fabiankeil
+ *    Remove the treat-forbidden-connects-like-blocks action. We now
+ *    use the "blocked" page for forbidden CONNECT requests by default.
+ *

  *    Revision 1.168  2008/03/02 12:25:25  fabiankeil
  *    Also use shiny new connect_port_is_forbidden() in jcc.c.
  *
  *    Revision 1.168  2008/03/02 12:25:25  fabiankeil
  *    Also use shiny new connect_port_is_forbidden() in jcc.c.
  *


@@ -2192,9 +2196,8 @@ static void chat(struct client_state *csp)
    if (http->ssl && connect_port_is_forbidden(csp))
    {
       const char *acceptable_connect_ports =
    if (http->ssl && connect_port_is_forbidden(csp))
    {
       const char *acceptable_connect_ports =

-         csp->action->string[ACTION_STRING_LIMIT_CONNECT] ?
-         csp->action->string[ACTION_STRING_LIMIT_CONNECT] :
-         "443 (implied default)";
+         csp->action->string[ACTION_STRING_LIMIT_CONNECT];
+      assert(NULL != acceptable_connect_ports);

       log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
          "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
          csp->ip_addr_str, acceptable_connect_ports, csp->http->port);
       log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
          "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
          csp->ip_addr_str, acceptable_connect_ports, csp->http->port);