From: Amos Jeffries Date: Fri, 15 Jul 2011 03:30:16 +0000 (+1200) Subject: Use forward-proxy port for internal URLs. X-Git-Tag: take08~55^2~68 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=af5ebaf4fd73cde584ed5455acf576789799c492;p=thirdparty%2Fsquid.git Use forward-proxy port for internal URLs. Alter the getMyPort() function to skip ports flagged for special mode handling (intercept, tproxy, accel) when generating internal URLs. This allows us to lock down security on these special mode ports and still have an optional position for the forward-proxy port. Prior to this only the first port was used, forcing an unnecessary configuration order. Since it is now possible to have no port available for these URLs the fatal()/crash has been reduced to an annoying cache.log message. Port 0 will be inserted into the URLs making them invalid. For now this is only done on http_port entries. https_port has an incomplete merge of https_port_list/http_port_list which needs to be completed before it is easily done there. --- diff --git a/src/tools.cc b/src/tools.cc index deb684c29e..02b4c57984 100644 --- a/src/tools.cc +++ b/src/tools.cc @@ -1245,19 +1245,22 @@ parseEtcHosts(void) int getMyPort(void) { - if (Config.Sockaddr.http) - return Config.Sockaddr.http->s.GetPort(); + if (Config.Sockaddr.http) { + // skip any special mode ports + http_port_list *p = Config.Sockaddr.http; + while(p->intercepted || p->accel || p->spoof_client_ip) + p = p->next; + if (p) + return p->s.GetPort(); + } #if USE_SSL - if (Config.Sockaddr.https) return Config.Sockaddr.https->http.s.GetPort(); - #endif - fatal("No port defined"); - - return 0; /* NOT REACHED */ + debugs(21, DBG_CRITICAL, "ERROR: No forward-proxy ports configured."); + return 0; // Invalid port. This will result in invalid URLs on bad configurations. } /*
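Review bot: the skip loop in getMyPort() dereferences `p` without checking it for NULL, so when every http_port entry is flagged intercepted, accel or spoof_client_ip, `p = p->next` reaches the end of the list and the next loop test reads through a null pointer. That is exactly the configuration the commit message says should now produce only a cache.log error instead of a crash, and the `if (p)` after the loop comes too late to prevent it. Suggest putting the guard in the loop condition, `while (p && (p->intercepted || p->accel || p->spoof_client_ip))`, so that an all-special-mode list falls through to the https check and then to the debugs() message and `return 0`. Since port 0 is now a possible return value, a short comment on the function noting that callers can receive 0 when no forward-proxy port is configured would also help.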