-const char jcc_rcs[] = "$Id: jcc.c,v 1.45 2001/10/07 15:42:11 oes Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.46 2001/10/08 15:17:41 oes Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.46 2001/10/08 15:17:41 oes
+ * Re-enabled SSL forwarding
+ *
* Revision 1.45 2001/10/07 15:42:11 oes
* Replaced 6 boolean members of csp with one bitmap (csp->flags)
*
#ifdef FEATURE_COOKIE_JAR
+ /*
+ * Check if a CONNECT request is allowable:
+ * In the absence of a +limit-connect action, allow only port 443.
+ * If there is an action, allow whatever matches the specificaton.
+ */
+ if(http->ssl)
+ {
+ if( ( !(csp->action->flags & ACTION_LIMIT_CONNECT) && csp->http->port != 443)
+ || (csp->action->flags & ACTION_LIMIT_CONNECT
+ && !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT], csp->http->port)) )
+ {
+ strcpy(buf, CFORBIDDEN);
+ write_socket(csp->cfd, buf, strlen(buf));
+
+ log_error(LOG_LEVEL_CONNECT, "Denying suspicious CONNECT request from %s", csp->ip_addr_str);
+ log_error(LOG_LEVEL_CLF, "%s - - [%T] \" \" 403 0", csp->ip_addr_str);
+
+ return;
+ }
+ }
+
+
/*
* Downgrade http version from 1.1 to 1.0 if +downgrade
* action applies
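Review bot: Both `log_error` calls in the denial branch record only `csp->ip_addr_str`, so a refused CONNECT leaves no trace of which port the client tried to tunnel to, and the CLF entry carries an empty request line. This check is what keeps the proxy from tunnelling to arbitrary ports, so the rejected destination is the detail an operator needs when reviewing denials. At minimum, log the port already used in the test, e.g. `log_error(LOG_LEVEL_CONNECT, "Denying suspicious CONNECT request from %s to port %d", csp->ip_addr_str, csp->http->port);` (confirm the format specifier against the declared type of `port`). Separately, `strcpy(buf, CFORBIDDEN)` is an unneeded unbounded copy: `write_socket(csp->cfd, CFORBIDDEN, strlen(CFORBIDDEN));` would send the same bytes, assuming CFORBIDDEN is a string constant and `write_socket` accepts it. The enclosing function starts and ends outside the hunk, so the declaration of `buf` and the relationship between `http` and `csp->http` cannot be checked here.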