From e807796b088ae171406ada5fcbf0731f61572f8c Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Thu, 6 Mar 2008 16:33:47 +0000 Subject: [PATCH] If limit-connect isn't used, don't limit CONNECT requests to port 443. --- ChangeLog | 3 +++ doc/source/user-manual.sgml | 17 ++++++++++------- filters.c | 12 ++++++++---- jcc.c | 11 +++++++---- 4 files changed, 28 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index da624222..9f66a97c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ ChangeLog for Privoxy - Forbidden CONNECT requests are treated like blocks by default. The now-pointless treat-forbidden-connects-like-blocks action has been removed. +- Not enabling limit-connect now allows CONNECT requests to all ports. + In previous versions it would only allow CONNECT requests to port 443. + Use +limit-connect{443} if you think you need the old default behaviour. - Fixed false-positives with the link-by-url filter and URLs that contain the pattern "/jump/". - The less-download-windows filter no longer messes diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml index bc82970c..46ca739f 100644 --- a/doc/source/user-manual.sgml +++ b/doc/source/user-manual.sgml @@ -33,7 +33,7 @@ This file belongs into ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/ - $Id: user-manual.sgml,v 2.64 2008/03/01 14:10:28 fabiankeil Exp $ + $Id: user-manual.sgml,v 2.65 2008/03/04 18:30:40 fabiankeil Exp $ Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/ See LICENSE. @@ -59,7 +59,7 @@ -$Id: user-manual.sgml,v 2.64 2008/03/01 14:10:28 fabiankeil Exp $ +$Id: user-manual.sgml,v 2.65 2008/03/04 18:30:40 fabiankeil Exp $ - +limit-connect{443} # This is the default and need not be specified. + +limit-connect{443} # Port 443 is OK. +limit-connect{80,443} # Ports 80 and 443 are OK. +limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK. +limit-connect{-} # All ports are OK @@ -8867,6 +8866,10 @@ In file: user.action [ View ] [ Edit ]action->flags & ACTION_LIMIT_CONNECT) && csp->http->port != 443) - || (csp->action->flags & ACTION_LIMIT_CONNECT && - !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT], csp->http->port))); + return ((csp->action->flags & ACTION_LIMIT_CONNECT) && + !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT], + csp->http->port)); } diff --git a/jcc.c b/jcc.c index 82ab4538..65bfc93a 100644 --- a/jcc.c +++ b/jcc.c @@ -1,4 +1,4 @@ -const char jcc_rcs[] = "$Id: jcc.c,v 1.168 2008/03/02 12:25:25 fabiankeil Exp $"; +const char jcc_rcs[] = "$Id: jcc.c,v 1.169 2008/03/04 18:30:39 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/jcc.c,v $ @@ -33,6 +33,10 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.168 2008/03/02 12:25:25 fabiankeil Exp $" * * Revisions : * $Log: jcc.c,v $ + * Revision 1.169 2008/03/04 18:30:39 fabiankeil + * Remove the treat-forbidden-connects-like-blocks action. We now + * use the "blocked" page for forbidden CONNECT requests by default. + * * Revision 1.168 2008/03/02 12:25:25 fabiankeil * Also use shiny new connect_port_is_forbidden() in jcc.c. * @@ -2192,9 +2196,8 @@ static void chat(struct client_state *csp) if (http->ssl && connect_port_is_forbidden(csp)) { const char *acceptable_connect_ports = - csp->action->string[ACTION_STRING_LIMIT_CONNECT] ? - csp->action->string[ACTION_STRING_LIMIT_CONNECT] : - "443 (implied default)"; + csp->action->string[ACTION_STRING_LIMIT_CONNECT]; + assert(NULL != acceptable_connect_ports); log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. " "limit-connect{%s} doesn't allow CONNECT requests to port %d.", csp->ip_addr_str, acceptable_connect_ports, csp->http->port); -- 2.39.2