From: Fabian Keil Date: Fri, 19 Sep 2008 15:26:29 +0000 (+0000) Subject: Add change-x-forwarded-for{} action to block or add X-Git-Tag: v_3_0_11~245 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=cf9f517a263476946c02425c48dcf9118314454a Add change-x-forwarded-for{} action to block or add X-Forwarded-For headers. Mostly based on code removed before 3.0.7. --- diff --git a/actionlist.h b/actionlist.h index 6986acc0..4ba81a7b 100644 --- a/actionlist.h +++ b/actionlist.h @@ -39,6 +39,9 @@ * * Revisions : * $Log: actionlist.h,v $ + * Revision 1.33 2008/03/29 12:13:45 fabiankeil + * Remove send-wafer and send-vanilla-wafer actions. + * * Revision 1.32 2008/03/28 15:13:42 fabiankeil * Remove inspect-jpegs action. * @@ -247,6 +250,9 @@ DEFINE_ACTION_STRING ("set-image-blocker", ACTION_IMAGE_BLOCKER, DEFINE_CGI_PARAM_RADIO ("set-image-blocker", ACTION_IMAGE_BLOCKER, ACTION_STRING_IMAGE_BLOCKER, "pattern", 1) DEFINE_CGI_PARAM_RADIO ("set-image-blocker", ACTION_IMAGE_BLOCKER, ACTION_STRING_IMAGE_BLOCKER, "blank", 0) DEFINE_CGI_PARAM_CUSTOM ("set-image-blocker", ACTION_IMAGE_BLOCKER, ACTION_STRING_IMAGE_BLOCKER, CGI_PREFIX "send-banner?type=pattern") +DEFINE_ACTION_STRING ("change-x-forwarded-for", ACTION_CHANGE_X_FORWARDED_FOR, ACTION_STRING_CHANGE_X_FORWARDED_FOR) +DEFINE_CGI_PARAM_RADIO ("change-x-forwarded-for", ACTION_CHANGE_X_FORWARDED_FOR, ACTION_STRING_CHANGE_X_FORWARDED_FOR, "block", 0) +DEFINE_CGI_PARAM_RADIO ("change-x-forwarded-for", ACTION_CHANGE_X_FORWARDED_FOR, ACTION_STRING_CHANGE_X_FORWARDED_FOR, "add", 1) #if DEFINE_ACTION_ALIAS diff --git a/loaders.c b/loaders.c index 88564dc5..f2d8d5f8 100644 --- a/loaders.c +++ b/loaders.c 
@@ -1,4 +1,4 @@ -const char loaders_rcs[] = "$Id: loaders.c,v 1.66 2008/03/21 11:16:30 fabiankeil Exp $"; +const char loaders_rcs[] = "$Id: loaders.c,v 1.67 2008/03/30 14:52:08 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/loaders.c,v $ @@ -35,6 +35,10 @@ const char loaders_rcs[] = "$Id: loaders.c,v 1.66 2008/03/21 11:16:30 fabiankeil * * Revisions : * $Log: loaders.c,v $ + * Revision 1.67 2008/03/30 14:52:08 fabiankeil + * Rename load_actions_file() and load_re_filterfile() + * as they load multiple files "now". + * * Revision 1.66 2008/03/21 11:16:30 fabiankeil * Garbage-collect csp->my_ip_addr_str and csp->my_hostname. * @@ -507,6 +511,7 @@ void sweep(void) freez(csp->ip_addr_str); freez(csp->iob->buf); + freez(csp->x_forwarded_for); freez(csp->error_message); if (csp->action->flags & ACTION_FORWARD_OVERRIDE && diff --git a/parsers.c b/parsers.c index d08c4fc2..77f54af4 100644 --- a/parsers.c +++ b/parsers.c @@ -1,4 +1,4 @@ -const char parsers_rcs[] = "$Id: parsers.c,v 1.139 2008/09/04 08:13:58 fabiankeil Exp $"; +const char parsers_rcs[] = "$Id: parsers.c,v 1.140 2008/09/12 17:51:43 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/parsers.c,v $ @@ -44,6 +44,10 @@ const char parsers_rcs[] = "$Id: parsers.c,v 1.139 2008/09/04 08:13:58 fabiankei * * Revisions : * $Log: parsers.c,v $ + * Revision 1.140 2008/09/12 17:51:43 fabiankeil + * - A few style fixes. + * - Remove a pointless cast. + * * Revision 1.139 2008/09/04 08:13:58 fabiankeil * Prepare for critical sections on Windows by adding a * layer of indirection before the pthread mutex functions. 
@@ -922,6 +926,7 @@ static jb_err server_content_disposition(struct client_state *csp, char **header static jb_err client_host_adder (struct client_state *csp); static jb_err client_xtra_adder (struct client_state *csp); +static jb_err client_x_forwarded_for_adder(struct client_state *csp); static jb_err connection_close_adder (struct client_state *csp); static jb_err create_forged_referrer(char **header, const char *hostport); @@ -988,6 +993,7 @@ static const struct parsers server_patterns[] = { static const add_header_func_ptr add_client_headers[] = { client_host_adder, + client_x_forwarded_for_adder, client_xtra_adder, /* Temporarily disabled: client_accept_encoding_adder, */ connection_close_adder, @@ -3367,11 +3373,27 @@ static jb_err client_send_cookie(struct client_state *csp, char **header) *********************************************************************/ jb_err client_x_forwarded(struct client_state *csp, char **header) { - if ((csp->action->flags & ACTION_HIDE_FORWARDED) != 0) + int block_header = (((csp->action->flags & ACTION_HIDE_FORWARDED) != 0) + || ((csp->action->flags & ACTION_CHANGE_X_FORWARDED_FOR) && + (0 == strcmpic(csp->action->string[ACTION_STRING_CHANGE_X_FORWARDED_FOR], "block")))); + + if (block_header) { freez(*header); log_error(LOG_LEVEL_HEADER, "crunched x-forwarded-for!"); } + else if (0 == strcmpic(csp->action->string[ACTION_STRING_CHANGE_X_FORWARDED_FOR], "add")) + { + /* Save it so we can re-add it later */ + freez(csp->x_forwarded_for); + csp->x_forwarded_for = *header; + + /* + * Always set *header = NULL, since this information + * will be sent at the end of the header. + */ + *header = NULL; + } return JB_ERR_OK; } 
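Review bot: The `else if` branch added to client_x_forwarded() tests only the action string, while the block test just above it and client_x_forwarded_for_adder() both check the ACTION_CHANGE_X_FORWARDED_FOR flag first. If the string can ever be "add" while the flag is clear, the header is moved into csp->x_forwarded_for and removed from the list, but the adder returns early and never sends it; whether the string is always reset together with the flag is not visible in this hunk. I would write the condition as `else if ((csp->action->flags & ACTION_CHANGE_X_FORWARDED_FOR) && (0 == strcmpic(csp->action->string[ACTION_STRING_CHANGE_X_FORWARDED_FOR], "add")))`. A parameter other than "block" or "add" also falls through both branches and leaves the client's header untouched, so a log line for that case would make a mistyped value in an actions file visible.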
@@ -3854,6 +3876,54 @@ static jb_err client_xtra_adder(struct client_state *csp) } +/********************************************************************* + * + * Function : client_x_forwarded_for_adder + * + * Description : Used in the add_client_headers list. Called from `sed'. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * + * Returns : JB_ERR_OK on success, or + * JB_ERR_MEMORY on out-of-memory error. + * + *********************************************************************/ +static jb_err client_x_forwarded_for_adder(struct client_state *csp) +{ + char *header = NULL; + jb_err err; + + if (!((csp->action->flags & ACTION_CHANGE_X_FORWARDED_FOR) && + (0 == strcmpic(csp->action->string[ACTION_STRING_CHANGE_X_FORWARDED_FOR], "add")))) + { + return JB_ERR_OK; + } + + if (csp->x_forwarded_for) + { + header = strdup(csp->x_forwarded_for); + string_append(&header, ", "); + } + else + { + header = strdup("X-Forwarded-For: "); + } + string_append(&header, csp->ip_addr_str); + + if (header == NULL) + { + return JB_ERR_MEMORY; + } + + log_error(LOG_LEVEL_HEADER, "addh: %s", header); + err = enlist(csp->headers, header); + freez(header); + + return err; +} + + /********************************************************************* * * Function : connection_close_adder diff --git a/project.h b/project.h index 6e2c838e..8bf30209 100644 --- a/project.h +++ b/project.h @@ -1,7 +1,7 @@ #ifndef PROJECT_H_INCLUDED #define PROJECT_H_INCLUDED /** Version string. */ -#define PROJECT_H_VERSION "$Id: project.h,v 1.116 2008/05/20 16:05:02 fabiankeil Exp $" +#define PROJECT_H_VERSION "$Id: project.h,v 1.117 2008/08/30 12:03:07 fabiankeil Exp $" /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/project.h,v $ 
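Review bot: The function comment of client_x_forwarded_for_adder() does not say that the stored client header is forwarded verbatim with only csp->ip_addr_str appended, so every entry before the last one is client-controlled. I would extend the Description with `Appends the client address to the X-Forwarded-For value saved by client_x_forwarded(); earlier entries come from the client and are not validated.` The adder also leaves csp->x_forwarded_for set after enlisting the copy. Adding `freez(csp->x_forwarded_for);` after the `enlist()` call would keep a stale value from being appended again if a csp were ever reused for another request, which this hunk does not show either way.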
@@ -37,6 +37,9 @@ * * Revisions : * $Log: project.h,v $ + * Revision 1.117 2008/08/30 12:03:07 fabiankeil + * Remove FEATURE_COOKIE_JAR. + * * Revision 1.116 2008/05/20 16:05:02 fabiankeil * Move parsers structure definition from project.h to parsers.h. * @@ -1105,6 +1108,8 @@ struct iob #define ACTION_OVERWRITE_LAST_MODIFIED 0x02000000UL /** Action bitmap: Replace or block Accept-Language header */ #define ACTION_HIDE_ACCEPT_LANGUAGE 0x04000000UL +/** Action bitmap: Remove or add "X-Forwarded-For" header. */ +#define ACTION_CHANGE_X_FORWARDED_FOR 0x08000000UL /** Action string index: How to deanimate GIFs */ @@ -1141,8 +1146,10 @@ struct iob #define ACTION_STRING_FORWARD_OVERRIDE 15 /** Action string index: Reason for the block. */ #define ACTION_STRING_BLOCK 16 +/** Action string index: what to do with the "X-Forwarded-For" header. */ +#define ACTION_STRING_CHANGE_X_FORWARDED_FOR 17 /** Number of string actions. */ -#define ACTION_STRING_COUNT 17 +#define ACTION_STRING_COUNT 18 /* To make the ugly hack in sed easier to understand */ @@ -1375,6 +1382,13 @@ struct client_state /** MIME-Type key, see CT_* above */ unsigned int content_type; + /** The "X-Forwarded-For:" header sent by the client */ + /* + * XXX: this is a hack that causes problems if + * there's more than one X-Forwarded-For header. + */ + char *x_forwarded_for; + /** Actions files associated with this client */ struct file_list *actions_list[MAX_AF_FILES]; diff --git a/templates/edit-actions-for-url b/templates/edit-actions-for-url index 238ee9a3..2c9f470d 100644 --- a/templates/edit-actions-for-url +++ b/templates/edit-actions-for-url @@ -32,6 +32,9 @@ # # Revisions : # $Log: edit-actions-for-url,v $ +# Revision 1.54 2008/03/29 12:14:27 fabiankeil +# Remove send-wafer and send-vanilla-wafer actions. +# # Revision 1.53 2008/03/28 15:13:45 fabiankeil # Remove inspect-jpegs action. # 
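Review bot: The comment on the new x_forwarded_for member of struct client_state says only that the hack "causes problems" with more than one header, without saying what happens or who frees the string. Going by the parsers.c hunk in this commit, each X-Forwarded-For header replaces the stored one after `freez(csp->x_forwarded_for)`, so in "add" mode only the last header is forwarded and earlier ones are dropped. I would spell that out in the member comment, for example `Owned by the csp and freed in sweep(). Only the last X-Forwarded-For header is kept; earlier ones are discarded.`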
@@ -551,6 +554,31 @@ function show_limit_connect_opts(tf) + + + + + change-x-forwarded-for + Specifies whether to block or add X-Forwarded-For headers. + + +   +   +   +   +
+
+