diff options
author | Robert James Kaes <rjkaes@users.sourceforge.net> | 2002-11-26 21:44:43 +0000 |
---|---|---|
committer | Robert James Kaes <rjkaes@users.sourceforge.net> | 2002-11-26 21:44:43 +0000 |
commit | e58343012fa999a33ed2bcfd569fbbe3e861d0a1 (patch) | |
tree | 4b66b79746a3ec8a9fced14034db0fbe481425c8 | |
parent | c826b18437dfc460e0d360c375241ce65a7ef7f8 (diff) | |
download | tinyproxy-e58343012fa999a33ed2bcfd569fbbe3e861d0a1.tar.gz tinyproxy-e58343012fa999a33ed2bcfd569fbbe3e861d0a1.zip |
Included code to disable the sending of the Via header. This is now
controlled by the ViaHeader configure directive.
-rw-r--r-- | doc/tinyproxy.conf | 7 | ||||
-rw-r--r-- | src/grammar.y | 13 | ||||
-rw-r--r-- | src/reqs.c | 31 | ||||
-rw-r--r-- | src/scanner.l | 3 | ||||
-rw-r--r-- | src/tinyproxy.h | 4 |
5 files changed, 41 insertions, 17 deletions
diff --git a/doc/tinyproxy.conf b/doc/tinyproxy.conf index 152e91e..d215477 100644 --- a/doc/tinyproxy.conf +++ b/doc/tinyproxy.conf @@ -111,6 +111,13 @@ Allow 127.0.0.1 Allow 192.168.1.0/25 # +# Control whether the HTTP Via header should be included in requests or +# responses. The RFC says it should be there, but it could be a security +# concern. The default is off. +# +#ViaHeader On + +# # The location of the filter file. # #Filter "/etc/tinyproxy/filter" diff --git a/src/grammar.y b/src/grammar.y index cf28e9a..4131dd3 100644 --- a/src/grammar.y +++ b/src/grammar.y @@ -1,4 +1,4 @@ -/* $Id: grammar.y,v 1.16 2002-11-03 17:10:32 rjkaes Exp $ +/* $Id: grammar.y,v 1.17 2002-11-26 21:44:43 rjkaes Exp $ * * This is the grammar for tinyproxy's configuration file. It needs to be * in sync with scanner.l. If you know more about yacc and lex than I do @@ -49,7 +49,7 @@ int yylex(void); %token KW_ANONYMOUS KW_XTINYPROXY %token KW_FILTER KW_FILTERURLS KW_FILTEREXTENDED KW_FILTER_DEFAULT_DENY %token KW_UPSTREAM -%token KW_CONNECTPORT KW_BIND +%token KW_CONNECTPORT KW_BIND KW_HTTP_VIA %token KW_ALLOW KW_DENY /* yes/no switches */ @@ -179,6 +179,15 @@ statement log_message(LOG_WARNING, "The 'Bind' directive can not be used with transparent proxy support. Ignoring the directive."); #endif } + | KW_HTTP_VIA yesno + { + if ($2) { + log_message(LOG_INFO, "Enabling HTTP Via header."); + config.via_http_header = TRUE; + } else { + config.via_http_header = FALSE; + } + } ; loglevels @@ -1,4 +1,4 @@ -/* $Id: reqs.c,v 1.85 2002-11-13 17:48:48 rjkaes Exp $ +/* $Id: reqs.c,v 1.86 2002-11-26 21:44:43 rjkaes Exp $ * * This is where all the work in tinyproxy is actually done. Incoming * connections have a new child created for them. The child then @@ -791,7 +791,7 @@ process_client_headers(struct conn_s *connptr, hashmap_t hashofheaders) int i; hashmap_iter iter; long content_length = -1; - int ret; + int ret = 0; char *data, *header; @@ -826,13 +826,15 @@ process_client_headers(struct conn_s *connptr, hashmap_t hashofheaders) } /* Send, or add the Via header */ - ret = write_via_header(connptr->server_fd, hashofheaders, - connptr->protocol.major, - connptr->protocol.minor); - if (ret < 0) { - indicate_http_error(connptr, 503, - "Could not send data to remote server."); - goto PULL_CLIENT_DATA; + if (config.via_http_header) { + ret = write_via_header(connptr->server_fd, hashofheaders, + connptr->protocol.major, + connptr->protocol.minor); + if (ret < 0) { + indicate_http_error(connptr, 503, + "Could not send data to remote server."); + goto PULL_CLIENT_DATA; + } } /* @@ -969,10 +971,13 @@ process_server_headers(struct conn_s *connptr) } /* Send, or add the Via header */ - ret = write_via_header(connptr->client_fd, hashofheaders, - connptr->protocol.major, connptr->protocol.minor); - if (ret < 0) - goto ERROR_EXIT; + if (config.via_http_header) { + ret = write_via_header(connptr->client_fd, hashofheaders, + connptr->protocol.major, + connptr->protocol.minor); + if (ret < 0) + goto ERROR_EXIT; + } /* * All right, output all the remaining headers to the client. diff --git a/src/scanner.l b/src/scanner.l index e6c33a9..f6dbd51 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -1,4 +1,4 @@ -/* $Id: scanner.l,v 1.15 2002-11-03 17:10:32 rjkaes Exp $ +/* $Id: scanner.l,v 1.16 2002-11-26 21:44:43 rjkaes Exp $ * * This builds the scanner for the tinyproxy configuration file. This * file needs to stay in sync with grammar.y. If someone knows lex and yacc @@ -53,6 +53,7 @@ static struct keyword keywords[] = { { "deny", KW_DENY }, { "connectport", KW_CONNECTPORT }, { "bind", KW_BIND }, + { "viaheader", KW_HTTP_VIA }, /* loglevel and the settings */ { "loglevel", KW_LOGLEVEL }, diff --git a/src/tinyproxy.h b/src/tinyproxy.h index 3f9abdf..6340488 100644 --- a/src/tinyproxy.h +++ b/src/tinyproxy.h @@ -1,4 +1,4 @@ -/* $Id: tinyproxy.h,v 1.34 2002-11-03 17:10:32 rjkaes Exp $ +/* $Id: tinyproxy.h,v 1.35 2002-11-26 21:44:43 rjkaes Exp $ * * See 'tinyproxy.c' for a detailed description. * @@ -52,6 +52,8 @@ struct config_s { char* dnsserver_location; char* dnsserver_socket; + + bool_t via_http_header; }; /* Global Structures used in the program */ |