summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2004-08-12(check_allowed_connect_ports): By default DENY any CONNECT requestsRobert James Kaes1-13/+9
unless explicitly allowed by a configuration directive.
2004-08-12(add_xtinyproxy_header): Removed the runtime error checking of theRobert James Kaes1-8/+3
connptr->server_fd variable and moved it into an assert since we should never be called with invalid data. Also made the function an inline function since it's only called in one place.
2004-08-11Completely rewrote the ACL functionality. The new system is intendedRobert James Kaes1-158/+184
to handle IPv6 style addresses along with the existing IPv4 and string addresses. In addition, the hand-rolled "list" code has been replaced with a vector (code reuse.) Also, the code should be a little easier to understand (relatively speaking.) I do need to add some kind of testing framework (in general) to check that the new code does work with all the formats that will be thrown at it.
2004-08-11(strip_username_password): Removed one of the pointer variables sinceRobert James Kaes1-11/+16
it's no longer needed. Reorganized the function to make it more obvious what was actually being done.
2004-08-10Merged in changes from 1.6.3Robert James Kaes8-18/+36
2004-04-27Added the "BindSame" configure directive from Oswald Buddenhagen.Robert James Kaes9-32/+93
This allows tinyproxy to respond to a request bound to the same interface that the request came in on. As Oswald explains: "attached is a patch that adds the BindSame option. it causes binding an outgoing connection to the ip address of the respective incoming connection. that way one can simulate an entire proxy farm with a single instance of tinyproxy on a multi-homed machine." Cool.
2004-04-27(init_stats): Fixed a memset bug, where the structure was not clearedRobert James Kaes1-2/+2
properly. (The sizeof "struct stat" was being used rather than the proper "struct stat_s". On my system, "struct stat" is 88 bytes long, while "struct stat_s" is 20 bytes long. Quite a difference!)
2004-04-27These files list all the other files that CVS should ignore. It makesRobert James Kaes3-0/+29
looking at the CVS status information a little cleaner.
2004-02-18Converted the various socket functions to work with both IPv4 and IPv6Robert James Kaes2-91/+90
addresses.
2004-02-18Added two functions:Robert James Kaes2-4/+85
- get_ip_string() converts a binary network address into either a dotted-decimal IPv4 address, or a IPv6 hex-string - full_inet_pton() converts a numeric character string into an IPv6 network address (binary form). It's like the system inet_pton() function, but it will work with bot IPv4 and IPv6 character strings. These functions are required for the conversion to Internet protocol independence. (Or to put it more clearly: allow tinyproxy to work in an IPv6 network.)
2004-02-17Rewrote the "early history" of the project, and added a section forRobert James Kaes1-8/+15
"major" addition authors.
2004-02-13Removed unnecessary casts (mostly dealing with memory allocation.) IRobert James Kaes13-62/+56
should never have added them in the first place. They don't really buy anything, and they can hide bugs.
2004-02-04(strip_return_port): Patch from "alex" to strip the port from the hostRobert James Kaes1-19/+41
string and return the port. I cleaned up and added error handling to the code, but it's basically "alex"'s fix. (extract_http_url): Rewrote this function to remove all the sscanf() calls. It's much easier to just split on the path slash (if it's present) and then strip the user name/password and port from the host string. Less code, handles more cases!
2004-01-26# Updated change logRobert James Kaes1-0/+17
2004-01-26Added reverse proxy support from Kim Holviala. His comments regardingRobert James Kaes10-31/+330
this addition follow: The patch implements a simple reverse proxy (with one funky extra feature). It has all the regular features: mapping remote servers to local namespace (ReversePath), disabling forward proxying (ReverseOnly) and HTTP redirect rewriting (ReverseBaseURL). The funky feature is this: You map Google to /google/ and the Google front page opens up fine. Type in stuff and click "Google Search" and you'll get an error from tinyproxy. Reason for this is that Google's form submits to "/search" which unfortunately bypasses our /google/ mapping (if they'd submit to "search" without the slash it would have worked ok). Turn on ReverseMagic and it starts working.... ReverseMagic "hijacks" one cookie which it sends to the client browser. This cookie contains the current reverse proxy path mapping (in the above case /google/) so that even if the site uses absolute links the reverse proxy still knows where to map the request. And yes, it works. No, I've never seen this done before - I couldn't find _any_ working OSS reverse proxies, and the commercial ones I've seen try to parse the page and fix all links (in the above case changing "/search" to "/google/search"). The problem with modifying the html is that it might not be parsable (very common) or it might be encoded so that the proxy can't read it (mod_gzip or likes). Hope you like that patch. One caveat - I haven't coded with C in like three years so my code might be a bit messy.... There shouldn't be any security problems thou, but you never know. I did all the stuff out of my memory without reading any RFC's, but I tested everything with Moz, Konq, IE6, Links and Lynx and they all worked fine.
2003-10-17Merged in changes from the 1.6.2 release. (Fixes for the filtering codeRobert James Kaes4-25/+47
and the HTML installation script.)
2003-08-14Merged in missing $(DESTDIR) in tinyproxy-html-files rules bug fixRobert James Kaes1-1/+1
from the stable branch.
2003-08-07Incorporated patches from Marc Silver to improve the readability andRobert James Kaes1-61/+86
understandability of the documentation.
2003-08-07tinyproxy no longer includes a fall-back regular expression library,Robert James Kaes5-21/+11
so these files needed to be modified to only use the system's installed regular expression library.
2003-08-07Removed the included regular expression library, since it should comeRobert James Kaes3-6457/+0
standard on any reasonably modern system.
2003-08-07# Merged in changes from the stable 1.6 branch.Robert James Kaes3-6/+17
2003-08-05Patch from Marc Silver to improve the readability and accuracy of theRobert James Kaes1-10/+10
tinyproxy man page.
2003-08-05# Fixed a comment to actually reflect what the function does.Robert James Kaes1-2/+2
2003-08-05Added the cookie header to the documented list of headers to allowRobert James Kaes1-0/+4
through.
2003-08-01Included patches from Steven Young to use the hashmap functionality toRobert James Kaes4-82/+64
manage the HTML error pages. It simplifies the source, and also make the object file smaller. Nice. Also added any casting from (void*) to ensure that the code compiles using a C++ compiler.
2003-07-31Added appropriate casts (void*) casts to allow the code to compileRobert James Kaes1-9/+12
cleanly using a C++ compiler. Changed the servers_waiting variable to an unsigned int, since the number of servers waiting can never be negative, and added an assert() to ensure this invariant.
2003-07-31(debugging_realloc): Removed the assert for the NULL pointer, sinceRobert James Kaes1-3/+2
realloc() can take a NULL pointer, as defined by the realloc() man page. Fixed the cast in both safefree() macros to compile cleaning using a C++ compiler.
2003-07-31Fixed the cast in both safefree() macros to compile cleaning using aRobert James Kaes1-3/+3
C++ compiler.
2003-07-31# Fixed a preprocessor test (misspelled __cplusplus)Robert James Kaes1-2/+2
2003-07-31Added appropriate casts from (void*) so that the code will compileRobert James Kaes11-58/+67
cleanly with a C++ compiler. (Tested using GCC 3.3)
2003-07-24# Bumped up the version number because of a maintenance release (to fixRobert James Kaes1-2/+2
a problem with the scanner.c file.
2003-07-14# Updated ChangeLogRobert James Kaes1-1/+8
2003-07-14# Bumped up version number.Robert James Kaes1-2/+2
2003-07-14(indicate_http_error): Added calls to va_end() before leaving theRobert James Kaes1-2/+6
function.
2003-06-26# Updated the ChangeLogRobert James Kaes1-0/+19
2003-06-26# Bumped up the version number and made sure to only add the debuggingRobert James Kaes1-3/+6
flags to flex if it really is flex.
2003-06-26# Removed the debugging information.Robert James Kaes1-8/+2
2003-06-26# Added debugging flags for the flex scanner.Robert James Kaes2-3/+5
2003-06-26(upstream_add): Rewrote the function to actually handle the variousRobert James Kaes1-33/+37
types of upstream configurations correctly. Hopefully, the code is also a little clearer in it's implementation.
2003-06-26# Removed the STRING_ADDRESS token since it was conflicting with theRobert James Kaes1-6/+4
IDENTIFIER directive and also the keyword directives.
2003-06-26Modified the patterns to allow the new upstream directives to work asRobert James Kaes1-9/+14
defined in the tinyproxy.conf documentation.
2003-06-26(debugging_free): Rather than assert on a NULL pointer, log the NULLRobert James Kaes1-4/+4
pointer and return.
2003-06-25# Bumped up the version number.Robert James Kaes1-2/+2
2003-06-25# Updated the changelogRobert James Kaes1-0/+7
2003-06-25Added a test to define INADDR_NONE if it's not present. For example,Robert James Kaes1-1/+8
SunOS (solaris 2.8) does not include this define. [Thank to Ben Hartshorne for pointing this out.]
2003-06-25Changed the calls to "ps" and "grep" to use a more portable syntax.Robert James Kaes1-1/+1
2003-06-23# Bumped up the version number.Robert James Kaes1-2/+2
2003-06-23# Added a bit more description to describe where to look for the errorRobert James Kaes1-1/+5
HTML files. In the future the installation script should modify the tinyproxy.conf file.
2003-06-20# Updated ChangeLogRobert James Kaes1-0/+39
2003-06-20Removed the "ViaHeader" directive and replaced it with theRobert James Kaes5-44/+47
"ViaProxyName" directive. The "Via" HTTP header is _required_ by the HTTP spec, so the code has been changed to always send the header. However, including the proxy's host name could be considered a security threat, so the "ViaProxyName" directive is used to set the token sent in the "Via" header. If the directive is not enabled the proxy's host name will be used.