summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/tinyproxy.conf9
-rw-r--r--src/grammar.y20
-rw-r--r--src/reqs.c46
-rw-r--r--src/scanner.l9
-rw-r--r--src/tinyproxy.h7
5 files changed, 47 insertions, 44 deletions
diff --git a/doc/tinyproxy.conf b/doc/tinyproxy.conf
index 9eacb95..6bc9729 100644
--- a/doc/tinyproxy.conf
+++ b/doc/tinyproxy.conf
@@ -166,11 +166,12 @@ Allow 127.0.0.1
Allow 192.168.1.0/25
#
-# Control whether the HTTP Via header should be included in requests or
-# responses. The RFC says it should be there, but it could be a security
-# concern. The default is off.
+# The "Via" header is required by the HTTP RFC, but using the real host name
+# is a security concern. If the following directive is enabled, the string
+# supplied will be used as the host name in the Via header; otherwise, the
+# server's host name will be used.
#
-#ViaHeader On
+ViaProxyName "tinyproxy"
#
# The location of the filter file.
diff --git a/src/grammar.y b/src/grammar.y
index 404f450..6d39a53 100644
--- a/src/grammar.y
+++ b/src/grammar.y
@@ -1,4 +1,4 @@
-/* $Id: grammar.y,v 1.21 2003-05-29 19:43:58 rjkaes Exp $
+/* $Id: grammar.y,v 1.22 2003-06-20 17:02:13 rjkaes Exp $
*
* This is the grammar for tinyproxy's configuration file. It needs to be
* in sync with scanner.l. If you know more about yacc and lex than I do
@@ -51,11 +51,12 @@ int yylex(void);
%token KW_FILTER KW_FILTERURLS KW_FILTEREXTENDED KW_FILTER_DEFAULT_DENY
%token KW_FILTER_CASESENSITIVE
%token KW_UPSTREAM
-%token KW_CONNECTPORT KW_BIND KW_HTTP_VIA
+%token KW_CONNECTPORT KW_BIND
%token KW_STATHOST
%token KW_ALLOW KW_DENY
%token KW_ERRORPAGE KW_DEFAULT_ERRORPAGE
%token KW_STATPAGE
+%token KW_VIA_PROXY_NAME
/* yes/no switches */
%token KW_YES KW_NO
@@ -210,14 +211,10 @@ statement
log_message(LOG_WARNING, "The 'Bind' directive can not be used with transparent proxy support. Ignoring the directive.");
#endif
}
- | KW_HTTP_VIA yesno
+ | KW_VIA_PROXY_NAME string
{
- if ($2) {
- log_message(LOG_INFO, "Enabling HTTP Via header.");
- config.via_http_header = TRUE;
- } else {
- config.via_http_header = FALSE;
- }
+ log_message(LOG_INFO, "Setting \"Via\" proxy name to: %s", $2);
+ config.via_proxy_name = $2;
}
| KW_STATHOST string
{
@@ -258,7 +255,7 @@ string
%%
-extern unsigned int yylineno;
+extern unsigned int scanner_lineno;
void
yyerror(char *s)
@@ -270,5 +267,6 @@ yyerror(char *s)
headerdisplayed = 1;
}
- fprintf(stderr, "\t%s:%d: %s\n", config.config_file, yylineno, s);
+ fprintf(stderr, "\t%s:%d: %s\n", config.config_file, scanner_lineno, s);
+ exit(EXIT_FAILURE);
}
diff --git a/src/reqs.c b/src/reqs.c
index a54535c..2a2f603 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -1,4 +1,4 @@
-/* $Id: reqs.c,v 1.103 2003-06-06 16:14:50 rjkaes Exp $
+/* $Id: reqs.c,v 1.104 2003-06-20 17:02:13 rjkaes Exp $
*
* This is where all the work in tinyproxy is actually done. Incoming
* connections have a new child created for them. The child then
@@ -987,8 +987,8 @@ get_content_length(hashmap_t hashofheaders)
}
/*
- * Search for Via head in a hash of headers and either write a new Via header,
- * or append our information to the end of an existing Via header.
+ * Search for Via header in a hash of headers and either write a new Via
+ * header, or append our information to the end of an existing Via header.
*
* FIXME: Need to add code to "hide" our internal information for security
* purposes.
@@ -998,11 +998,15 @@ write_via_header(int fd, hashmap_t hashofheaders,
unsigned int major, unsigned int minor)
{
ssize_t len;
- char hostname[128];
+ char hostname[512];
char *data;
int ret;
- gethostname(hostname, sizeof(hostname));
+ if (config.via_proxy_name) {
+ strlcpy(hostname, config.via_proxy_name, sizeof(hostname));
+ } else if (gethostname(hostname, sizeof(hostname)) < 0) {
+ strcpy(hostname, "unknown");
+ }
/*
* See if there is a "Via" header. If so, again we need to do a bit
@@ -1089,17 +1093,15 @@ process_client_headers(struct conn_s *connptr, hashmap_t hashofheaders)
}
/* Send, or add the Via header */
- if (config.via_http_header) {
- ret = write_via_header(connptr->server_fd, hashofheaders,
- connptr->protocol.major,
- connptr->protocol.minor);
- if (ret < 0) {
- indicate_http_error(connptr, 503,
- "Could not send data to remote server",
- "detail", "A network error occurred while trying to write data to the remote web server.",
- NULL);
- goto PULL_CLIENT_DATA;
- }
+ ret = write_via_header(connptr->server_fd, hashofheaders,
+ connptr->protocol.major,
+ connptr->protocol.minor);
+ if (ret < 0) {
+ indicate_http_error(connptr, 503,
+ "Could not send data to remote server",
+ "detail", "A network error occurred while trying to write data to the remote web server.",
+ NULL);
+ goto PULL_CLIENT_DATA;
}
/*
@@ -1239,13 +1241,11 @@ process_server_headers(struct conn_s *connptr)
}
/* Send, or add the Via header */
- if (config.via_http_header) {
- ret = write_via_header(connptr->client_fd, hashofheaders,
- connptr->protocol.major,
- connptr->protocol.minor);
- if (ret < 0)
- goto ERROR_EXIT;
- }
+ ret = write_via_header(connptr->client_fd, hashofheaders,
+ connptr->protocol.major,
+ connptr->protocol.minor);
+ if (ret < 0)
+ goto ERROR_EXIT;
/*
* All right, output all the remaining headers to the client.
diff --git a/src/scanner.l b/src/scanner.l
index f685b23..d1664a8 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -1,4 +1,4 @@
-/* $Id: scanner.l,v 1.19 2003-03-13 21:42:45 rjkaes Exp $
+/* $Id: scanner.l,v 1.20 2003-06-20 17:02:13 rjkaes Exp $
*
* This builds the scanner for the tinyproxy configuration file. This
* file needs to stay in sync with grammar.y. If someone knows lex and yacc
@@ -54,7 +54,7 @@ static struct keyword keywords[] = {
{ "deny", KW_DENY },
{ "connectport", KW_CONNECTPORT },
{ "bind", KW_BIND },
- { "viaheader", KW_HTTP_VIA },
+ { "viaproxyname", KW_VIA_PROXY_NAME },
{ "stathost", KW_STATHOST },
{ "errorfile", KW_ERRORPAGE },
{ "defaulterrorfile", KW_DEFAULT_ERRORPAGE },
@@ -81,7 +81,8 @@ static struct keyword keywords[] = {
#define MAX_REGEXP_LEN 1024
-unsigned int yylineno = 1;
+unsigned int scanner_lineno = 1;
+
char tiny_buf[MAX_REGEXP_LEN];
char *tiny_str;
@@ -103,7 +104,7 @@ word [^ \#'"\(\)\{\}\\;\n\t,|\.]
%%
\#.*$ ;
-\n { yylineno++; return '\n'; }
+\n { ++scanner_lineno; return '\n'; }
: { return ':'; }
{white}+ ;
0x{digit}+ { yylval.num = strtol(yytext, NULL, 16); return NUMBER; }
diff --git a/src/tinyproxy.h b/src/tinyproxy.h
index 1c21762..d014748 100644
--- a/src/tinyproxy.h
+++ b/src/tinyproxy.h
@@ -1,4 +1,4 @@
-/* $Id: tinyproxy.h,v 1.40 2003-06-02 21:55:14 rjkaes Exp $
+/* $Id: tinyproxy.h,v 1.41 2003-06-20 17:02:12 rjkaes Exp $
*
* See 'tinyproxy.c' for a detailed description.
*
@@ -61,7 +61,10 @@ struct config_s {
unsigned int idletimeout;
char* bind_address;
- unsigned int via_http_header; /* boolean */
+ /*
+ * The configured name to use in the HTTP "Via" header field.
+ */
+ char* via_proxy_name;
/*
* Error page support. This is an array of pointers to structures