specify a Content-Type. Bug reported by Amuro Namie.
- Allow to rewrite the request destination behind the client's back.
- Fix socks requests on big-endian platforms. Patch provided by Song Weijia.
+- Rejected CONNECT requests are logged with log level info
+ (enabled by default) and the reason for the block.
- Minor code clean-ups, filter and action file updates.
(Some of them reported by Davide Alberani, Markus Elfring
and Adam Piggott)
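Review bot: The new ChangeLog entry describes the info-level message but leaves out the other user-visible change in the jcc.c deny path: the CLF record for a rejected CONNECT now carries the original request line (csp->http->ocmd) where it used to log a blank request field. Anyone parsing the CLF output will see a different record after this change, so it is worth a line here. The wording would also read better as "logged with log level info (enabled by default), including the reason for the block".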
-const char jcc_rcs[] = "$Id: jcc.c,v 1.139 2007/07/14 07:46:41 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.140 2007/07/21 11:51:36 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.140 2007/07/21 11:51:36 fabiankeil
+ * As Hal noticed, checking dispatch_cgi() as the last cruncher
+ * looks like a bug if CGI requests are blocked unintentionally,
+ * so don't do it unless the user enabled the new config option
+ * "allow-cgi-request-crunching".
+ *
* Revision 1.139 2007/07/14 07:46:41 fabiankeil
* - Allow to rewrite the request destination behind the client's back.
* - Turn the weird-looking unconditional for loop that
/*
* The response may confuse some clients,
* but makes unblocking easier.
+ *
+ * XXX: It seems to work with all major browsers,
+ * so we should consider returning a body by default someday ...
*/
- log_error(LOG_LEVEL_ERROR, "Marking suspicious CONNECT request from %s for blocking.",
- csp->ip_addr_str);
+ log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
+ "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
+ csp->ip_addr_str, csp->action->string[ACTION_STRING_LIMIT_CONNECT],
+ csp->http->port);
csp->action->flags |= ACTION_BLOCK;
http->ssl = 0;
}
else
{
write_socket(csp->cfd, CFORBIDDEN, strlen(CFORBIDDEN));
- log_error(LOG_LEVEL_CONNECT, "Denying suspicious CONNECT request from %s", csp->ip_addr_str);
- log_error(LOG_LEVEL_CLF, "%s - - [%T] \" \" 403 0", csp->ip_addr_str);
+ log_error(LOG_LEVEL_INFO, "Request from %s denied. "
+ "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
+ csp->ip_addr_str, csp->action->string[ACTION_STRING_LIMIT_CONNECT],
+ csp->http->port);
+ assert(NULL != csp->http->ocmd);
+ log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 403 0", csp->ip_addr_str, csp->http->ocmd);
list_remove_all(csp->headers);
-
+ /*
+ * XXX: For consistency we might want to log a crunch message here.
+ */
return;
}
}
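Review bot: The assert(NULL != csp->http->ocmd) added in the deny branch is the only guard before ocmd is handed to the %s of the CLF line, and an assert is the wrong tool on a path driven by client input. With NDEBUG defined the check disappears and a NULL would go straight into the format call; with assertions enabled the process aborts instead of finishing the 403. If ocmd can ever be unset at this point, an explicit test that substitutes a placeholder string keeps both builds well-behaved; if it cannot, a short comment saying why would be enough. Separately, both branches move from LOG_LEVEL_ERROR and LOG_LEVEL_CONNECT to LOG_LEVEL_INFO, so a setup that enables only the error or connect levels will no longer record rejected CONNECT requests except through the CLF line; the user documentation for limit-connect should say which debug level now carries these messages.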