Added reverse proxy support from Kim Holviala. His comments regarding

this addition follow: The patch implements a simple reverse proxy (with one funky extra feature). It has all the regular features: mapping remote servers to local namespace (ReversePath), disabling forward proxying (ReverseOnly) and HTTP redirect rewriting (ReverseBaseURL). The funky feature is this: You map Google to /google/ and the Google front page opens up fine. Type in stuff and click "Google Search" and you'll get an error from tinyproxy. Reason for this is that Google's form submits to "/search" which unfortunately bypasses our /google/ mapping (if they'd submit to "search" without the slash it would have worked ok). Turn on ReverseMagic and it starts working.... ReverseMagic "hijacks" one cookie which it sends to the client browser. This cookie contains the current reverse proxy path mapping (in the above case /google/) so that even if the site uses absolute links the reverse proxy still knows where to map the request. And yes, it works. No, I've never seen this done before - I couldn't find _any_ working OSS reverse proxies, and the commercial ones I've seen try to parse the page and fix all links (in the above case changing "/search" to "/google/search"). The problem with modifying the html is that it might not be parsable (very common) or it might be encoded so that the proxy can't read it (mod_gzip or likes). Hope you like that patch. One caveat - I haven't coded with C in like three years so my code might be a bit messy.... There shouldn't be any security problems thou, but you never know. I did all the stuff out of my memory without reading any RFC's, but I tested everything with Moz, Konq, IE6, Links and Lynx and they all worked fine.
author: Robert James Kaes <rjkaes@users.sourceforge.net> 2004-01-26 19:11:52 +0000
committer: Robert James Kaes <rjkaes@users.sourceforge.net> 2004-01-26 19:11:52 +0000
commit: 0a8e4e4d8d72e02ba398ec5e340f181cad5af10e (patch)
tree: dff88561b34898156e2d57aa9d0e108b133b97f5 /src/reqs.c
parent: f2d846d0571af4bed05d35abc4152da9adad4ab8 (diff)
download: tinyproxy-0a8e4e4d8d72e02ba398ec5e340f181cad5af10e.tar.gz
tinyproxy-0a8e4e4d8d72e02ba398ec5e340f181cad5af10e.zip
1 files changed, 173 insertions, 5 deletions
diff --git a/src/reqs.c b/src/reqs.c
index 3f33a7f..f00fee9 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -1,4 +1,4 @@
-/* $Id: reqs.c,v 1.108 2003-08-07 16:32:12 rjkaes Exp $
+/* $Id: reqs.c,v 1.109 2004-01-26 19:11:51 rjkaes Exp $
  *
  * This is where all the work in tinyproxy is actually done. Incoming
  * connections have a new child created for them. The child then
@@ -330,7 +330,7 @@ upstream_add(const char *host, int port, const char *domain)
 
 	if (domain == NULL) {
 		if (!host || host[0] == '\0' || port < 1) {
-			log_message(LOG_WARNING, "Nonsence upstream rule: invalid host or port");
+			log_message(LOG_WARNING, "Nonsense upstream rule: invalid host or port");
 			goto upstream_cleanup;
 		}
 
@@ -404,7 +404,7 @@ upstream_add(const char *host, int port, const char *domain)
 
 	return;
 
-      upstream_cleanup:
+upstream_cleanup:
 	safefree(up->host);
 	safefree(up->domain);
 	safefree(up);
@@ -465,6 +465,68 @@ upstream_get(char *host)
 }
 #endif
 
+#ifdef REVERSE_SUPPORT
+/*
+ * Add entry to the reversepath list
+ */
+void
+reversepath_add(const char *path, const char *url)
+{
+	struct reversepath *reverse;
+
+	if (url == NULL) {
+		log_message(LOG_WARNING, "Illegal reverse proxy rule: missing url");
+		return;
+	}
+
+	if (!strstr(url, "://")) {
+		log_message(LOG_WARNING,
+		            "Skipping reverse proxy rule: '%s' is not a valid url", url);
+		return;
+	}
+
+	if (path && *path != '/') {
+		log_message(LOG_WARNING,
+		            "Skipping reverse proxy rule: path '%s' doesn't start with a /", path);
+		return;
+	}
+
+	if (!(reverse = safemalloc(sizeof (struct reversepath)))) {
+		log_message(LOG_ERR, "Unable to allocate memory in reversepath_add()");
+		return;
+	}
+
+	if (!path) reverse->path = safestrdup("/");
+	else reverse->path = safestrdup(path);
+
+	reverse->url = safestrdup(url);
+
+	reverse->next = config.reversepath_list;
+	config.reversepath_list = reverse;
+
+	log_message(LOG_INFO,
+	            "Added reverse proxy rule: %s -> %s", reverse->path, reverse->url);
+}
+
+/*
+ * Check if a request url is in the reversepath list
+ */
+static struct reversepath *
+reversepath_get(char *url)
+{
+	struct reversepath *reverse = config.reversepath_list;
+
+	while (reverse) {
+		if (strstr(url, reverse->path) == url)
+			return reverse;
+
+		reverse = reverse->next;
+	}
+
+	return NULL;
+}
+#endif
+
 /*
  * Create a connection for HTTP connections.
  */
@@ -488,7 +550,7 @@ establish_http_connection(struct conn_s *connptr, struct request_s *request)
 }
 
 /*
- * These two defines are for the SSL tunneling.
+ * These two defines are for the SSL tunnelling.
  */
 #define SSL_CONNECTION_RESPONSE "HTTP/1.0 200 Connection established"
 #define PROXY_AGENT "Proxy-agent: " PACKAGE "/" VERSION
@@ -517,6 +579,13 @@ process_request(struct conn_s *connptr, hashmap_t hashofheaders)
 	char *url;
 	struct request_s *request;
 
+#ifdef REVERSE_SUPPORT
+	char *rewrite_url = NULL;
+	char *cookie = NULL;
+	char *cookieval;
+	struct reversepath *reverse;
+#endif
+
 	int ret;
 
 	size_t request_len;
@@ -577,6 +646,66 @@ process_request(struct conn_s *connptr, hashmap_t hashofheaders)
 		return NULL;
 	}
 
+#ifdef REVERSE_SUPPORT
+	/*
+	 * Reverse proxy URL rewriting.
+	 */
+	if (config.reversepath_list != NULL) {
+		/* Reverse requests always start with a slash */
+		if (*url == '/') {
+			/* First try locating the reverse mapping by request url */
+			reverse = reversepath_get(url);
+			if (reverse) {
+				rewrite_url = safemalloc(strlen(url) +
+				              strlen(reverse->url) + 1);
+				strcpy(rewrite_url, reverse->url);
+				strcat(rewrite_url, url + strlen(reverse->path));
+			} else if (config.reversemagic &&
+			         hashmap_entry_by_key(hashofheaders, "cookie",
+			                              (void **)&cookie) > 0) {
+
+				/* No match - try the magical tracking cookie next */
+				if ((cookieval = strstr(cookie, REVERSE_COOKIE "=")) &&
+				    (reverse = reversepath_get(cookieval +
+				                               strlen(REVERSE_COOKIE) + 1))) {
+
+					rewrite_url = safemalloc(strlen(url) +
+					                         strlen(reverse->url) + 1);
+					strcpy(rewrite_url, reverse->url);
+					strcat(rewrite_url, url + 1);
+
+					log_message(LOG_INFO,
+					            "Magical tracking cookie says: %s",
+					            reverse->path);
+				}
+			}
+		}
+
+		/* Forward proxy support off and no reverse path match found */
+		if (config.reverseonly && !rewrite_url) {
+			log_message(LOG_ERR, "Bad request");
+			indicate_http_error(connptr, 400, "Bad Request",
+					    "detail", "Request has an invalid URL",
+					    "url", url,
+					    NULL);
+
+			safefree(url);
+			free_request_struct(request);
+
+			return NULL;
+		}
+
+		log_message(LOG_CONN, "Rewriting URL: %s -> %s",
+			    url, rewrite_url);
+
+		safefree(url);
+		url = rewrite_url;
+
+		/* Store reverse path so that the magical tracking cookie can be set */
+		if (config.reversemagic) connptr->reversepath = safestrdup(reverse->path);
+	}
+#endif
+
 	if (strncasecmp(url, "http://", 7) == 0
 	    || (UPSTREAM_CONFIGURED() && strncasecmp(url, "ftp://", 6) == 0)) {
 		char *skipped_type = strstr(url, "//") + 2;
@@ -726,7 +855,7 @@ process_request(struct conn_s *connptr, hashmap_t hashofheaders)
 					    request->host);
 
 			indicate_http_error(connptr, 403, "Filtered",
-					    "detail", "The request you made has been filted",
+					    "detail", "The request you made has been filtered",
 					    "url", url,
 					    NULL);
 
@@ -1178,6 +1307,10 @@ process_server_headers(struct conn_s *connptr)
 	int i;
 	int ret;
 
+#ifdef REVERSE_SUPPORT
+	struct reversepath *reverse = config.reversepath_list;
+#endif
+
 	/* FIXME: Remember to handle a "simple_req" type */
 
 	/* Get the response line from the remote server. */
@@ -1251,6 +1384,41 @@ process_server_headers(struct conn_s *connptr)
 	if (ret < 0)
 		goto ERROR_EXIT;
 
+#ifdef REVERSE_SUPPORT
+	/* Write tracking cookie for the magical reverse proxy path hack */
+	if (config.reversemagic && connptr->reversepath) {
+		ret = write_message(connptr->client_fd,
+				    "Set-Cookie: " REVERSE_COOKIE "=%s; path=/\r\n",
+				    connptr->reversepath);
+		if (ret < 0) goto ERROR_EXIT;
+	}
+
+	/* Rewrite the HTTP redirect if needed */
+	if (config.reversebaseurl &&
+	    hashmap_entry_by_key(hashofheaders, "location", (void **)&header) > 0) {
+
+		/* Look for a matching entry in the reversepath list */
+		while (reverse) {
+			if (strncasecmp(header,
+			                reverse->url,
+			                (len = strlen(reverse->url))) == 0) break;
+			reverse = reverse->next;
+		}
+
+		if (reverse) {
+			ret = write_message(connptr->client_fd, "Location: %s%s%s\r\n",
+			                    config.reversebaseurl, (reverse->path + 1),
+			                    (header + len));
+			if (ret < 0) goto ERROR_EXIT;
+
+			log_message(LOG_INFO,
+			            "Rewriting HTTP redirect: %s -> %s%s%s", header,
+			            config.reversebaseurl, (reverse->path + 1), (header + len));
+			hashmap_remove(hashofheaders, "location");
+		}
+	}
+#endif
+
 	/*
 	 * All right, output all the remaining headers to the client.
 	 */
author	Robert James Kaes <rjkaes@users.sourceforge.net>	2004-01-26 19:11:52 +0000
committer	Robert James Kaes <rjkaes@users.sourceforge.net>	2004-01-26 19:11:52 +0000
commit	0a8e4e4d8d72e02ba398ec5e340f181cad5af10e (patch)
tree	dff88561b34898156e2d57aa9d0e108b133b97f5 /src/reqs.c
parent	f2d846d0571af4bed05d35abc4152da9adad4ab8 (diff)
download	tinyproxy-0a8e4e4d8d72e02ba398ec5e340f181cad5af10e.tar.gz tinyproxy-0a8e4e4d8d72e02ba398ec5e340f181cad5af10e.zip