diff options
-rw-r--r-- | doc/tinyproxy.conf | 10 | ||||
-rw-r--r-- | src/grammar.y | 14 | ||||
-rw-r--r-- | src/scanner.l | 3 |
3 files changed, 24 insertions, 3 deletions
diff --git a/doc/tinyproxy.conf b/doc/tinyproxy.conf index e104b58..e24513c 100644 --- a/doc/tinyproxy.conf +++ b/doc/tinyproxy.conf @@ -134,6 +134,16 @@ Allow 192.168.1.0/25 #FilterExtended On # +# Change the default policy of the filtering system. If this directive is +# commented out, or is set to "No" then the default policy is to allow everything +# which is not specifically denied by the filter file. +# +# However, by setting this directive to "Yes" the default policy becomes to +# deny everything which is _not_ specifically allowed by the filter file. +# +#FilterDefaultDeny Yes + +# # If an Anonymous keyword is present, then anonymous proxying is enabled. # The headers listed are allowed through, while all others are denied. If # no Anonymous keyword is present, then all header are allowed through. diff --git a/src/grammar.y b/src/grammar.y index a9953b4..526bf7b 100644 --- a/src/grammar.y +++ b/src/grammar.y @@ -1,4 +1,4 @@ -/* $Id: grammar.y,v 1.14 2002-06-06 20:26:13 rjkaes Exp $ +/* $Id: grammar.y,v 1.15 2002-06-07 18:29:40 rjkaes Exp $ * * This is the grammar for tinyproxy's configuration file. It needs to be * in sync with scanner.l. If you know more about yacc and lex than I do @@ -24,6 +24,7 @@ #include "acl.h" #include "anonymous.h" #include "child.h" +#include "filter.h" #include "log.h" #include "reqs.h" @@ -46,7 +47,7 @@ int yylex(void); %token KW_TIMEOUT %token KW_USER KW_GROUP %token KW_ANONYMOUS KW_XTINYPROXY -%token KW_FILTER KW_FILTERURLS KW_FILTEREXTENDED +%token KW_FILTER KW_FILTERURLS KW_FILTEREXTENDED KW_FILTER_DEFAULT_DENY %token KW_TUNNEL KW_UPSTREAM %token KW_CONNECTPORT KW_BIND %token KW_ALLOW KW_DENY @@ -134,6 +135,15 @@ statement log_message(LOG_WARNING, "Filter support was not compiled in."); #endif } + | KW_FILTER_DEFAULT_DENY yesno + { +#ifdef FILTER_ENABLE + if ($2) + filter_set_default_policy(FILTER_DEFAULT_DENY); +#else + log_message(LOG_WARNING, "FIlter support was not compiled in."); +#endif + } | KW_XTINYPROXY network_address { #ifdef XTINYPROXY_ENABLE diff --git a/src/scanner.l b/src/scanner.l index 885d0a7..bb142f7 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -1,4 +1,4 @@ -/* $Id: scanner.l,v 1.13 2002-05-27 01:52:44 rjkaes Exp $ +/* $Id: scanner.l,v 1.14 2002-06-07 18:29:40 rjkaes Exp $ * * This builds the scanner for the tinyproxy configuration file. This * file needs to stay in sync with grammar.y. If someone knows lex and yacc @@ -46,6 +46,7 @@ static struct keyword keywords[] = { { "filter", KW_FILTER }, { "filterurls", KW_FILTERURLS }, { "filterextended", KW_FILTEREXTENDED }, + { "filterdefaultdeny", KW_FILTER_DEFAULT_DENY }, { "xtinyproxy", KW_XTINYPROXY }, { "tunnel", KW_TUNNEL }, { "upstream", KW_UPSTREAM }, |