From e58343012fa999a33ed2bcfd569fbbe3e861d0a1 Mon Sep 17 00:00:00 2001 From: Robert James Kaes Date: Tue, 26 Nov 2002 21:44:43 +0000 Subject: Included code to disable the sending of the Via header. This is now controlled by the ViaHeader configure directive. --- doc/tinyproxy.conf | 7 +++++++ src/grammar.y | 13 +++++++++++-- src/reqs.c | 31 ++++++++++++++++++------------- src/scanner.l | 3 ++- src/tinyproxy.h | 4 +++- 5 files changed, 41 insertions(+), 17 deletions(-) diff --git a/doc/tinyproxy.conf b/doc/tinyproxy.conf index 152e91e..d215477 100644 --- a/doc/tinyproxy.conf +++ b/doc/tinyproxy.conf @@ -110,6 +110,13 @@ MaxRequestsPerChild 0 Allow 127.0.0.1 Allow 192.168.1.0/25 +# +# Control whether the HTTP Via header should be included in requests or +# responses. The RFC says it should be there, but it could be a security +# concern. The default is off. +# +#ViaHeader On + # # The location of the filter file. # diff --git a/src/grammar.y b/src/grammar.y index cf28e9a..4131dd3 100644 --- a/src/grammar.y +++ b/src/grammar.y @@ -1,4 +1,4 @@ -/* $Id: grammar.y,v 1.16 2002-11-03 17:10:32 rjkaes Exp $ +/* $Id: grammar.y,v 1.17 2002-11-26 21:44:43 rjkaes Exp $ * * This is the grammar for tinyproxy's configuration file. It needs to be * in sync with scanner.l. If you know more about yacc and lex than I do @@ -49,7 +49,7 @@ int yylex(void); %token KW_ANONYMOUS KW_XTINYPROXY %token KW_FILTER KW_FILTERURLS KW_FILTEREXTENDED KW_FILTER_DEFAULT_DENY %token KW_UPSTREAM -%token KW_CONNECTPORT KW_BIND +%token KW_CONNECTPORT KW_BIND KW_HTTP_VIA %token KW_ALLOW KW_DENY /* yes/no switches */ @@ -179,6 +179,15 @@ statement log_message(LOG_WARNING, "The 'Bind' directive can not be used with transparent proxy support. Ignoring the directive."); #endif } + | KW_HTTP_VIA yesno + { + if ($2) { + log_message(LOG_INFO, "Enabling HTTP Via header."); + config.via_http_header = TRUE; + } else { + config.via_http_header = FALSE; + } + } ; loglevels diff --git a/src/reqs.c b/src/reqs.c index ebd788e..276f975 100644 --- a/src/reqs.c +++ b/src/reqs.c @@ -1,4 +1,4 @@ -/* $Id: reqs.c,v 1.85 2002-11-13 17:48:48 rjkaes Exp $ +/* $Id: reqs.c,v 1.86 2002-11-26 21:44:43 rjkaes Exp $ * * This is where all the work in tinyproxy is actually done. Incoming * connections have a new child created for them. The child then @@ -791,7 +791,7 @@ process_client_headers(struct conn_s *connptr, hashmap_t hashofheaders) int i; hashmap_iter iter; long content_length = -1; - int ret; + int ret = 0; char *data, *header; @@ -826,13 +826,15 @@ process_client_headers(struct conn_s *connptr, hashmap_t hashofheaders) } /* Send, or add the Via header */ - ret = write_via_header(connptr->server_fd, hashofheaders, - connptr->protocol.major, - connptr->protocol.minor); - if (ret < 0) { - indicate_http_error(connptr, 503, - "Could not send data to remote server."); - goto PULL_CLIENT_DATA; + if (config.via_http_header) { + ret = write_via_header(connptr->server_fd, hashofheaders, + connptr->protocol.major, + connptr->protocol.minor); + if (ret < 0) { + indicate_http_error(connptr, 503, + "Could not send data to remote server."); + goto PULL_CLIENT_DATA; + } } /* @@ -969,10 +971,13 @@ process_server_headers(struct conn_s *connptr) } /* Send, or add the Via header */ - ret = write_via_header(connptr->client_fd, hashofheaders, - connptr->protocol.major, connptr->protocol.minor); - if (ret < 0) - goto ERROR_EXIT; + if (config.via_http_header) { + ret = write_via_header(connptr->client_fd, hashofheaders, + connptr->protocol.major, + connptr->protocol.minor); + if (ret < 0) + goto ERROR_EXIT; + } /* * All right, output all the remaining headers to the client. diff --git a/src/scanner.l b/src/scanner.l index e6c33a9..f6dbd51 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -1,4 +1,4 @@ -/* $Id: scanner.l,v 1.15 2002-11-03 17:10:32 rjkaes Exp $ +/* $Id: scanner.l,v 1.16 2002-11-26 21:44:43 rjkaes Exp $ * * This builds the scanner for the tinyproxy configuration file. This * file needs to stay in sync with grammar.y. If someone knows lex and yacc @@ -53,6 +53,7 @@ static struct keyword keywords[] = { { "deny", KW_DENY }, { "connectport", KW_CONNECTPORT }, { "bind", KW_BIND }, + { "viaheader", KW_HTTP_VIA }, /* loglevel and the settings */ { "loglevel", KW_LOGLEVEL }, diff --git a/src/tinyproxy.h b/src/tinyproxy.h index 3f9abdf..6340488 100644 --- a/src/tinyproxy.h +++ b/src/tinyproxy.h @@ -1,4 +1,4 @@ -/* $Id: tinyproxy.h,v 1.34 2002-11-03 17:10:32 rjkaes Exp $ +/* $Id: tinyproxy.h,v 1.35 2002-11-26 21:44:43 rjkaes Exp $ * * See 'tinyproxy.c' for a detailed description. * @@ -52,6 +52,8 @@ struct config_s { char* dnsserver_location; char* dnsserver_socket; + + bool_t via_http_header; }; /* Global Structures used in the program */ -- cgit v1.2.3