-const char filters_rcs[] = "$Id: filters.c,v 1.81 2007/03/05 14:40:53 fabiankeil Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.82 2007/03/13 11:28:43 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/filters.c,v $
*
* Revisions :
* $Log: filters.c,v $
+ * Revision 1.82 2007/03/13 11:28:43 fabiankeil
+ * - Fix port handling in acl_addr() and use a temporary acl spec
+ * copy so error messages don't contain a truncated version.
+ * - Log size of iob before and after decompression.
+ *
* Revision 1.81 2007/03/05 14:40:53 fabiankeil
* - Cosmetical changes for LOG_LEVEL_RE_FILTER messages.
* - Hide the "Go there anyway" link for blocked CONNECT
#ifdef FEATURE_FORCE_LOAD
err = map(exports, "force-prefix", 1, FORCE_PREFIX, 1);
- if (csp->http->ssl != 0 || 0 == strcmpic(csp->http->gpc, "connect"))
+ /*
+ * Export the force conditional block killer if
+ *
+ * - Privoxy was compiled without FEATURE_FORCE_LOAD, or
+ * - Privoxy is configured to enforce blocks, or
+ * - it's a CONNECT request and enforcing wouldn't work anyway.
+ */
+ if ((csp->config->feature_flags & RUNTIME_FEATURE_ENFORCE_BLOCKS)
+ || (0 == strcmpic(csp->http->gpc, "connect")))
#endif /* ndef FEATURE_FORCE_LOAD */
{
err = map_block_killer(exports, "force-support");
}
/*
- * Export the force prefix or the force conditional block killer
+ * Export the force conditional block killer if
+ *
+ * - Privoxy was compiled without FEATURE_FORCE_LOAD, or
+ * - Privoxy is configured to enforce blocks, or
+ * - it's a CONNECT request and enforcing wouldn't work anyway.
*/
#ifdef FEATURE_FORCE_LOAD
- if (0 == strcmpic(csp->http->gpc, "connect"))
+ if ((csp->config->feature_flags & RUNTIME_FEATURE_ENFORCE_BLOCKS)
+ || (0 == strcmpic(csp->http->gpc, "connect")))
{
- err = map_block_killer(exports, "force-support");
+ err = map_block_killer(exports, "force-support");
}
else
{
-const char jcc_rcs[] = "$Id: jcc.c,v 1.124 2007/02/23 14:59:54 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.125 2007/03/09 14:12:00 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.125 2007/03/09 14:12:00 fabiankeil
+ * - Move null byte check into separate function.
+ * - Don't confuse the client with error pages
+ * if a CONNECT request was already confirmed.
+ *
* Revision 1.124 2007/02/23 14:59:54 fabiankeil
* Speed up NULL byte escaping and only log the complete
* NULL byte requests with header debugging enabled.
}
#ifdef FEATURE_FORCE_LOAD
- /* If this request contains the FORCE_PREFIX,
- * better get rid of it now and set the force flag --oes
+ /*
+ * If this request contains the FORCE_PREFIX and blocks
+ * aren't enforced, get rid of it and set the force flag.
*/
-
if (strstr(req, FORCE_PREFIX))
{
- strclean(req, FORCE_PREFIX);
- log_error(LOG_LEVEL_FORCE, "Enforcing request \"%s\".\n", req);
- csp->flags |= CSP_FLAG_FORCED;
+ if (csp->config->feature_flags & RUNTIME_FEATURE_ENFORCE_BLOCKS)
+ {
+ log_error(LOG_LEVEL_FORCE,
+ "Ignored force prefix in request: \"%s\".", req);
+ }
+ else
+ {
+ strclean(req, FORCE_PREFIX);
+ log_error(LOG_LEVEL_FORCE, "Enforcing request: \"%s\".", req);
+ csp->flags |= CSP_FLAG_FORCED;
+ }
}
#endif /* def FEATURE_FORCE_LOAD */
-const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.60 2007/01/27 13:09:16 fabiankeil Exp $";
+const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.61 2007/03/16 16:47:35 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/loadcfg.c,v $
*
* Revisions :
* $Log: loadcfg.c,v $
+ * Revision 1.61 2007/03/16 16:47:35 fabiankeil
+ * - Mention other reasons why acl directive loading might have failed.
+ * - Don't log the acl source if the acl destination is to blame.
+ *
* Revision 1.60 2007/01/27 13:09:16 fabiankeil
* Add new config option "templdir" to
* change the templates directory.
#define hash_enable_edit_actions 2517097536ul /* "enable-edit-actions" */
#define hash_enable_remote_toggle 2979744683ul /* "enable-remote-toggle" */
#define hash_enable_remote_http_toggle 110543988ul /* "enable-remote-http-toggle" */
+#define hash_enforce_blocks 1862427469ul /* "enforce-blocks" */
#define hash_filterfile 250887266ul /* "filterfile" */
#define hash_forward 2029845ul /* "forward" */
#define hash_forward_socks4 3963965521ul /* "forward-socks4" */
}
continue;
+/* *************************************************************************
+ * hash_enforce_blocks 0|1
+ * *************************************************************************/
+#ifdef FEATURE_FORCE_LOAD
+ case hash_enforce_blocks:
+ if ((*arg != '\0') && (0 != atoi(arg)))
+ {
+ config->feature_flags |= RUNTIME_FEATURE_ENFORCE_BLOCKS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_ENFORCE_BLOCKS;
+ }
+ continue;
+#endif /* def FEATURE_FORCE_LOAD */
+
/* *************************************************************************
* filterfile file-name
* In confdir by default.
#ifndef PROJECT_H_INCLUDED
#define PROJECT_H_INCLUDED
/** Version string. */
-#define PROJECT_H_VERSION "$Id: project.h,v 1.90 2007/02/07 10:36:16 fabiankeil Exp $"
+#define PROJECT_H_VERSION "$Id: project.h,v 1.91 2007/03/05 13:28:03 fabiankeil Exp $"
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/project.h,v $
*
* Revisions :
* $Log: project.h,v $
+ * Revision 1.91 2007/03/05 13:28:03 fabiankeil
+ * Add some CSP_FLAGs for the header parsers.
+ *
* Revision 1.90 2007/02/07 10:36:16 fabiankeil
* Add new http_response member to save
* the reason why the response was generated.
/** configuration_spec::feature_flags: Check the host header for requests with host-less request lines. */
#define RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS 16
+/** configuration_spec::feature_flags: Don't allow to circumvent blocks with the force prefix. */
+#define RUNTIME_FEATURE_ENFORCE_BLOCKS 32
+
/**
* Data loaded from the configuration file.