hno squid-2.4.DEVEL2.acl_req_mime_type.patch

Squid-2.4.DEVEL2: req_mime_type ACL

regex match agains the mime type of the request generated
by the client. Can be used to detect file upload or some
types HTTP tunelling requests.

NOTE: This does NOT match the reply. You cannot use this
to match the returned file type.

diff --git a/ChangeLog b/ChangeLog
index c73c8376ef23c57d0edc884a2c3b8e9e9423779b..4735718f54fa06182d9a448526584dfe43280abf 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -55,6 +55,8 @@ Changes to Squid-2.4.DEVEL3 ():
        - Fixed a temporary memory leak on persistent POSTs
        - Fixed a temporary memory leak when the server response headers
          includes NULL characters
+       - authenticate_ip_ttl_is_strict squid.conf option
+       - req_mime_type ACL type
 
 Changes to Squid-2.4.DEVEL2 ():
 

diff --git a/src/acl.cc b/src/acl.cc
index 294cf1ce12f1ce459caec08f7e07c366153bc9a1..aa6e344f813751607fc3ba2d0183ec21b085d687 100644 (file)
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: acl.cc,v 1.216 2000/05/02 21:35:24 hno Exp $
+ * $Id: acl.cc,v 1.217 2000/05/02 21:38:11 hno Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -209,6 +209,8 @@ aclStrToType(const char *s)
     if (!strcmp(s, "arp"))
        return ACL_SRC_ARP;
 #endif
+    if (!strcmp(s, "req_mime_type"))
+       return ACL_REQ_MIME_TYPE;
     return ACL_NONE;
 }
 
@@ -271,6 +273,8 @@ aclTypeToStr(squid_acl type)
     if (type == ACL_SRC_ARP)
        return "arp";
 #endif
+    if (type == ACL_REQ_MIME_TYPE)
+       return "req_mime_type";
     return "ERROR";
 }
 
@@ -762,6 +766,9 @@ aclParseAclLine(acl ** head)
        aclParseArpList(&A->data);
        break;
 #endif
+    case ACL_REQ_MIME_TYPE:
+       aclParseWordList(&A->data);
+       break;
     case ACL_NONE:
     default:
        fatal("Bad ACL type");
@@ -1526,6 +1533,13 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist)
     case ACL_SRC_ARP:
        return aclMatchArp(&ae->data, checklist->src_addr);
 #endif
+    case ACL_REQ_MIME_TYPE:
+       header = httpHeaderGetStr(&checklist->request->header,
+           HDR_CONTENT_TYPE);
+       if (NULL == header)
+           header = "";
+       return aclMatchRegex(ae->data, header);
+       /* NOTREACHED */
     case ACL_NONE:
     default:
        debug(28, 0) ("aclMatchAcl: '%s' has bad type %d\n",

diff --git a/src/cf.data.pre b/src/cf.data.pre
index d9d9392fd954bf9b59db5876649f2e146f44dd8d..9389574d1046bebaf56beb5092be9c9034e90abe 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.177 2000/05/02 21:35:24 hno Exp $
+# $Id: cf.data.pre,v 1.178 2000/05/02 21:38:12 hno Exp $
 #
 #
 # SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -1599,10 +1599,17 @@ DOC_START
          # This will be matched when the client's IP address has
          # more than <number> HTTP connections established.
 
+       acl req_mime_type mime-type1 ...
+         # regex match agains the mime type of the request generated
+         # by the client. Can be used to detect file upload or some
+         # types HTTP tunelling requests.
+         # NOTE: This does NOT match the reply. You cannot use this
+         # to match the returned file type.
 
 Examples:
 acl myexample dst_as 1241
 acl password proxy_auth REQUIRED
+acl fileupload req_mime_type -i ^multipart/form-data$
 
 NOCOMMENT_START
 #Recommended minimum configuration:

diff --git a/src/enums.h b/src/enums.h
index 630ffe164a704b3ebf2c536edcfbcccc0dd34039..7c9038ba6c2e57a2b273567b5cc1737eff0aa077 100644 (file)
--- a/src/enums.h
+++ b/src/enums.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: enums.h,v 1.165 2000/05/02 20:58:30 hno Exp $
+ * $Id: enums.h,v 1.166 2000/05/02 21:38:12 hno Exp $
  *
  *
  * SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -121,6 +121,7 @@ typedef enum {
     ACL_SNMP_COMMUNITY,
     ACL_NETDB_SRC_RTT,
     ACL_MAXCONN,
+    ACL_REQ_MIME_TYPE,
     ACL_ENUM_MAX
 } squid_acl;