- Forbidden CONNECT requests are treated like blocks by default.
The now-pointless treat-forbidden-connects-like-blocks action
has been removed.
+- Not enabling limit-connect now allows CONNECT requests to all ports.
+ In previous versions it would only allow CONNECT requests to port 443.
+ Use +limit-connect{443} if you think you need the old default behaviour.
- Fixed false-positives with the link-by-url filter and URLs that
contain the pattern "/jump/".
- The less-download-windows filter no longer messes
This file belongs into
ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
- $Id: user-manual.sgml,v 2.64 2008/03/01 14:10:28 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.65 2008/03/04 18:30:40 fabiankeil Exp $
Copyright (C) 2001-2008 Privoxy Developers http://www.privoxy.org/
See LICENSE.
</subscript>
</pubdate>
-<pubdate>$Id: user-manual.sgml,v 2.64 2008/03/01 14:10:28 fabiankeil Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 2.65 2008/03/04 18:30:40 fabiankeil Exp $</pubdate>
<!--
<listitem>
<para>
By default, i.e. if no <literal>limit-connect</literal> action applies,
- <application>Privoxy</application> only allows HTTP CONNECT
- requests to port 443 (the standard, secure HTTPS port). Use
- <literal>limit-connect</literal> if more fine-grained control is desired
- for some or all destinations.
+ <application>Privoxy</application> allows HTTP CONNECT requests to all
+ ports. Use <literal>limit-connect</literal> if fine-grained control
+ is desired for some or all destinations.
</para>
<para>
The CONNECT methods exists in HTTP to allow access to secure websites
<!-- I probably have the wrong font setup, bollocks. -->
<!-- Apparently the emphasis tag uses a proportional font no matter what -->
<para>
- <screen>+limit-connect{443} # This is the default and need not be specified.
+ <screen>+limit-connect{443} # Port 443 is OK.
+limit-connect{80,443} # Ports 80 and 443 are OK.
+limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
+limit-connect{-} # All ports are OK
USA
$Log: user-manual.sgml,v $
+ Revision 2.65 2008/03/04 18:30:40 fabiankeil
+ Remove the treat-forbidden-connects-like-blocks action. We now
+ use the "blocked" page for forbidden CONNECT requests by default.
+
Revision 2.64 2008/03/01 14:10:28 fabiankeil
Use new block syntax. Still needs some polishing.
-const char filters_rcs[] = "$Id: filters.c,v 1.101 2008/02/23 16:57:12 fabiankeil Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.102 2008/03/01 14:00:44 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/filters.c,v $
*
* Revisions :
* $Log: filters.c,v $
+ * Revision 1.102 2008/03/01 14:00:44 fabiankeil
+ * Let the block action take the reason for the block
+ * as argument and show it on the "blocked" page.
+ *
* Revision 1.101 2008/02/23 16:57:12 fabiankeil
* Rename url_actions() to get_url_actions() and let it
* use the standard parameter ordering.
*********************************************************************/
int connect_port_is_forbidden(const struct client_state *csp)
{
- return ((!(csp->action->flags & ACTION_LIMIT_CONNECT) && csp->http->port != 443)
- || (csp->action->flags & ACTION_LIMIT_CONNECT &&
- !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT], csp->http->port)));
+ return ((csp->action->flags & ACTION_LIMIT_CONNECT) &&
+ !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT],
+ csp->http->port));
}
-const char jcc_rcs[] = "$Id: jcc.c,v 1.168 2008/03/02 12:25:25 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.169 2008/03/04 18:30:39 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.169 2008/03/04 18:30:39 fabiankeil
+ * Remove the treat-forbidden-connects-like-blocks action. We now
+ * use the "blocked" page for forbidden CONNECT requests by default.
+ *
* Revision 1.168 2008/03/02 12:25:25 fabiankeil
* Also use shiny new connect_port_is_forbidden() in jcc.c.
*
if (http->ssl && connect_port_is_forbidden(csp))
{
const char *acceptable_connect_ports =
- csp->action->string[ACTION_STRING_LIMIT_CONNECT] ?
- csp->action->string[ACTION_STRING_LIMIT_CONNECT] :
- "443 (implied default)";
+ csp->action->string[ACTION_STRING_LIMIT_CONNECT];
+ assert(NULL != acceptable_connect_ports);
log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
"limit-connect{%s} doesn't allow CONNECT requests to port %d.",
csp->ip_addr_str, acceptable_connect_ports, csp->http->port);