author | Graham Leggett <minfrin@apache.org> | 2001-04-04 20:47:42 +0200 |
---|---|---|
committer | Graham Leggett <minfrin@apache.org> | 2001-04-04 20:47:42 +0200 |
commit | 5f3bc1ebc9905ad3b771a25fa37c3d544e462d6c (patch) | |
tree | 1a5bd5b32446777fea96606d92bf479afdf2b487 /modules/proxy/proxy_util.c | |
parent | Since ap_parse_uri_components() now guarantees port will be filled in, (diff) | |
Some code rewriting in ap_proxy_connect_handler():
*) Fixed bug where a hostname without a "." in it (such as "localhost")
would not trigger an IP address check with ProxyBlock.
*) Fixed ProxyBlock bugs with ap_proxy_http_handler() and
ap_proxy_connect_handler().
*) Updated ap_proxy_connect_handler() to support APR, while
moving some common code between http_handler and connect_handler
to proxy_util.c.
PR:
Obtained from:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88721 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/proxy/proxy_util.c')
-rw-r--r-- | modules/proxy/proxy_util.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index cd4806125c..27acb4da11 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -1071,6 +1071,44 @@ static int proxy_match_word(struct dirconn_entry *This, request_rec *r)
 return host != NULL && ap_strstr_c(host, This->name) != NULL;
 }
 
+/* checks whether a host in uri_addr matches proxyblock */
+int ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *conf,
+ apr_sockaddr_t *uri_addr)
+{
+ int j;
+ /* XXX FIXME: conf->noproxies->elts is part of an opaque structure */
+ for (j = 0; j < conf->noproxies->nelts; j++) {
+ struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
+ struct apr_sockaddr_t *conf_addr = npent[j].addr;
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "proxy: checking remote machine [%s] against [%s]", uri_addr->hostname, npent[j].name);
+ if ((npent[j].name && ap_strstr_c(uri_addr->hostname, npent[j].name))
+ || npent[j].name[0] == '*') {
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r->server,
+ "proxy: connect to remote machine %s blocked: name %s matched", uri_addr->hostname, npent[j].name);
+ return HTTP_FORBIDDEN;
+ }
+ while (conf_addr) {
+ while (uri_addr) {
+ char *conf_ip;
+ char *uri_ip;
+ apr_sockaddr_ip_get(&conf_ip, conf_addr);
+ apr_sockaddr_ip_get(&uri_ip, uri_addr);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "proxy: ProxyBlock comparing %s and %s", conf_ip, uri_ip);
+ if (!apr_strnatcasecmp(conf_ip, uri_ip)) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r->server,
+ "proxy: connect to remote machine %s blocked: IP %s matched", uri_addr->hostname, conf_ip);
+ return HTTP_FORBIDDEN;
+ }
+ uri_addr = uri_addr->next;
+ }
+ conf_addr = conf_addr->next;
+ }
+ }
+ return OK;
+}
+
 apr_status_t ap_proxy_doconnect(apr_socket_t *sock, char *host, apr_uint32_t port, request_rec *r)
 {
 apr_status_t rv; |
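Review bot: The inner `while (uri_addr)` loop in ap_proxy_checkproxyblock() walks the function's own `uri_addr` parameter to NULL and never rewinds it, so the resolved address list is compared only against the first configured address that reaches the loop. Every later `conf_addr` and every later ProxyBlock entry then skips the IP comparison, which means those entries are not enforced by address. The next pass of the `for` loop also evaluates `uri_addr->hostname` in the debug log call through a NULL pointer. Separately, the `npent[j].name &&` guard covers only the `ap_strstr_c()` operand, so `npent[j].name[0] == '*'` is still evaluated when the name is NULL; whether a NULL name can occur depends on the configuration parsing, which is outside this hunk. Iterating with a separate cursor that restarts at the list head for each configured address, and moving the NULL guard in front of both name tests, would address both points.

```c
    apr_sockaddr_t *uri_cur;
    /* … unchanged: for loop over conf->noproxies, npent/conf_addr setup, debug log … */
        if (npent[j].name
            && (ap_strstr_c(uri_addr->hostname, npent[j].name)
                || npent[j].name[0] == '*')) {
            /* … unchanged: warning log, return HTTP_FORBIDDEN … */
        }
        while (conf_addr) {
            /* restart at the head of the resolved list for every configured address */
            for (uri_cur = uri_addr; uri_cur; uri_cur = uri_cur->next) {
                /* … unchanged: conf_ip/uri_ip declarations, conf_ip lookup … */
                apr_sockaddr_ip_get(&uri_ip, uri_cur);
                /* … unchanged: debug log, comparison, warning log, return HTTP_FORBIDDEN … */
            }
            conf_addr = conf_addr->next;
        }
```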