From ff56e32e8ec8e546687f980a7d697a97bb82e74c Mon Sep 17 00:00:00 2001 From: Robert James Kaes Date: Fri, 7 Jun 2002 18:29:41 +0000 Subject: Added the "FilterDefaultDeny" directive to allow the user to select whether the default policy of the filter is to allow everything which isn't denied, or to deny everything which isn't allowed. --- doc/tinyproxy.conf | 10 ++++++++++ src/grammar.y | 14 ++++++++++++-- src/scanner.l | 3 ++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/doc/tinyproxy.conf b/doc/tinyproxy.conf index e104b58..e24513c 100644 --- a/doc/tinyproxy.conf +++ b/doc/tinyproxy.conf @@ -133,6 +133,16 @@ Allow 192.168.1.0/25 # #FilterExtended On +# +# Change the default policy of the filtering system. If this directive is +# commented out, or is set to "No" then the default policy is to allow everything +# which is not specifically denied by the filter file. +# +# However, by setting this directive to "Yes" the default policy becomes to +# deny everything which is _not_ specifically allowed by the filter file. +# +#FilterDefaultDeny Yes + # # If an Anonymous keyword is present, then anonymous proxying is enabled. # The headers listed are allowed through, while all others are denied. If diff --git a/src/grammar.y b/src/grammar.y index a9953b4..526bf7b 100644 --- a/src/grammar.y +++ b/src/grammar.y @@ -1,4 +1,4 @@ -/* $Id: grammar.y,v 1.14 2002-06-06 20:26:13 rjkaes Exp $ +/* $Id: grammar.y,v 1.15 2002-06-07 18:29:40 rjkaes Exp $ * * This is the grammar for tinyproxy's configuration file. It needs to be * in sync with scanner.l. If you know more about yacc and lex than I do @@ -24,6 +24,7 @@ #include "acl.h" #include "anonymous.h" #include "child.h" +#include "filter.h" #include "log.h" #include "reqs.h" @@ -46,7 +47,7 @@ int yylex(void); %token KW_TIMEOUT %token KW_USER KW_GROUP %token KW_ANONYMOUS KW_XTINYPROXY -%token KW_FILTER KW_FILTERURLS KW_FILTEREXTENDED +%token KW_FILTER KW_FILTERURLS KW_FILTEREXTENDED KW_FILTER_DEFAULT_DENY %token KW_TUNNEL KW_UPSTREAM %token KW_CONNECTPORT KW_BIND %token KW_ALLOW KW_DENY @@ -132,6 +133,15 @@ statement config.filter_extended = $2; #else log_message(LOG_WARNING, "Filter support was not compiled in."); +#endif + } + | KW_FILTER_DEFAULT_DENY yesno + { +#ifdef FILTER_ENABLE + if ($2) + filter_set_default_policy(FILTER_DEFAULT_DENY); +#else + log_message(LOG_WARNING, "FIlter support was not compiled in."); #endif } | KW_XTINYPROXY network_address diff --git a/src/scanner.l b/src/scanner.l index 885d0a7..bb142f7 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -1,4 +1,4 @@ -/* $Id: scanner.l,v 1.13 2002-05-27 01:52:44 rjkaes Exp $ +/* $Id: scanner.l,v 1.14 2002-06-07 18:29:40 rjkaes Exp $ * * This builds the scanner for the tinyproxy configuration file. This * file needs to stay in sync with grammar.y. If someone knows lex and yacc @@ -46,6 +46,7 @@ static struct keyword keywords[] = { { "filter", KW_FILTER }, { "filterurls", KW_FILTERURLS }, { "filterextended", KW_FILTEREXTENDED }, + { "filterdefaultdeny", KW_FILTER_DEFAULT_DENY }, { "xtinyproxy", KW_XTINYPROXY }, { "tunnel", KW_TUNNEL }, { "upstream", KW_UPSTREAM }, -- cgit v1.2.3