authorRobert James Kaes <rjkaes@users.sourceforge.net>2002-06-07 18:29:41 +0000
committerRobert James Kaes <rjkaes@users.sourceforge.net>2002-06-07 18:29:41 +0000
commitff56e32e8ec8e546687f980a7d697a97bb82e74c (patch)
tree24e87278cef0ae0833bd3f91d86cf130115f3e50
parentf47685c861d493154e81ff23f02fb27edb2dcba4 (diff)
Added the "FilterDefaultDeny" directive to allow the user to select whether the default policy of the filter is to allow everything which isn't denied, or to deny everything which isn't allowed.
-rw-r--r--doc/tinyproxy.conf10
-rw-r--r--src/grammar.y14
-rw-r--r--src/scanner.l3
3 files changed, 24 insertions, 3 deletions
diff --git a/doc/tinyproxy.conf b/doc/tinyproxy.conf
index e104b58..e24513c 100644
--- a/doc/tinyproxy.conf
+++ b/doc/tinyproxy.conf
@@ -134,6 +134,16 @@ Allow 192.168.1.0/25
#FilterExtended On
#
+# Change the default policy of the filtering system. If this directive is
+# commented out, or is set to "No" then the default policy is to allow everything
+# which is not specifically denied by the filter file.
+#
+# However, by setting this directive to "Yes" the default policy becomes to
+# deny everything which is _not_ specifically allowed by the filter file.
+#
+#FilterDefaultDeny Yes
+
+#
# If an Anonymous keyword is present, then anonymous proxying is enabled.
# The headers listed are allowed through, while all others are denied. If
# no Anonymous keyword is present, then all header are allowed through.
diff --git a/src/grammar.y b/src/grammar.y
index a9953b4..526bf7b 100644
--- a/src/grammar.y
+++ b/src/grammar.y
@@ -1,4 +1,4 @@
-/* $Id: grammar.y,v 1.14 2002-06-06 20:26:13 rjkaes Exp $
+/* $Id: grammar.y,v 1.15 2002-06-07 18:29:40 rjkaes Exp $
*
* This is the grammar for tinyproxy's configuration file. It needs to be
* in sync with scanner.l. If you know more about yacc and lex than I do
@@ -24,6 +24,7 @@
#include "acl.h"
#include "anonymous.h"
#include "child.h"
+#include "filter.h"
#include "log.h"
#include "reqs.h"
@@ -46,7 +47,7 @@ int yylex(void);
%token KW_TIMEOUT
%token KW_USER KW_GROUP
%token KW_ANONYMOUS KW_XTINYPROXY
-%token KW_FILTER KW_FILTERURLS KW_FILTEREXTENDED
+%token KW_FILTER KW_FILTERURLS KW_FILTEREXTENDED KW_FILTER_DEFAULT_DENY
%token KW_TUNNEL KW_UPSTREAM
%token KW_CONNECTPORT KW_BIND
%token KW_ALLOW KW_DENY
@@ -134,6 +135,15 @@ statement
log_message(LOG_WARNING, "Filter support was not compiled in.");
#endif
}
+ | KW_FILTER_DEFAULT_DENY yesno
+ {
+#ifdef FILTER_ENABLE
+ if ($2)
+ filter_set_default_policy(FILTER_DEFAULT_DENY);
+#else
+ log_message(LOG_WARNING, "FIlter support was not compiled in.");
+#endif
+ }
| KW_XTINYPROXY network_address
{
#ifdef XTINYPROXY_ENABLE
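Review bot: The `#else` branch of the new `KW_FILTER_DEFAULT_DENY` action only logs a warning, so a build without `FILTER_ENABLE` accepts `FilterDefaultDeny Yes` and carries on with no filter at all. For a deny-by-default control that is a fail-open result, so it should be logged at `LOG_ERR` or, if the grammar's error handling allows it, rejected as a configuration error rather than treated like the other optional features. The message itself has a typo: `"FIlter support was not compiled in."` should read `"Filter support was not compiled in."`, matching the existing warning just above. Also, `if ($2)` has no else branch, so `FilterDefaultDeny No` never resets the policy; a short comment such as `/* "No" leaves the built-in allow-by-default policy untouched */` would make that intent explicit. The neighbouring `KW_XTINYPROXY` action continues outside this hunk.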
diff --git a/src/scanner.l b/src/scanner.l
index 885d0a7..bb142f7 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -1,4 +1,4 @@
-/* $Id: scanner.l,v 1.13 2002-05-27 01:52:44 rjkaes Exp $
+/* $Id: scanner.l,v 1.14 2002-06-07 18:29:40 rjkaes Exp $
*
* This builds the scanner for the tinyproxy configuration file. This
* file needs to stay in sync with grammar.y. If someone knows lex and yacc
@@ -46,6 +46,7 @@ static struct keyword keywords[] = {
{ "filter", KW_FILTER },
{ "filterurls", KW_FILTERURLS },
{ "filterextended", KW_FILTEREXTENDED },
+ { "filterdefaultdeny", KW_FILTER_DEFAULT_DENY },
{ "xtinyproxy", KW_XTINYPROXY },
{ "tunnel", KW_TUNNEL },
{ "upstream", KW_UPSTREAM },