From: hno <> Date: Wed, 3 May 2000 03:38:11 +0000 (+0000) Subject: hno squid-2.4.DEVEL2.acl_req_mime_type.patch X-Git-Tag: SQUID_3_0_PRE1~1996 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ba2b31a888436643e84e13e1377b1f53b6e2f93d;p=thirdparty%2Fsquid.git hno squid-2.4.DEVEL2.acl_req_mime_type.patch Squid-2.4.DEVEL2: req_mime_type ACL regex match agains the mime type of the request generated by the client. Can be used to detect file upload or some types HTTP tunelling requests. NOTE: This does NOT match the reply. You cannot use this to match the returned file type. --- diff --git a/ChangeLog b/ChangeLog index c73c8376ef..4735718f54 100644 --- a/ChangeLog +++ b/ChangeLog @@ -55,6 +55,8 @@ Changes to Squid-2.4.DEVEL3 (): - Fixed a temporary memory leak on persistent POSTs - Fixed a temporary memory leak when the server response headers includes NULL characters + - authenticate_ip_ttl_is_strict squid.conf option + - req_mime_type ACL type Changes to Squid-2.4.DEVEL2 (): diff --git a/src/acl.cc b/src/acl.cc index 294cf1ce12..aa6e344f81 100644 --- a/src/acl.cc +++ b/src/acl.cc @@ -1,6 +1,6 @@ /* - * $Id: acl.cc,v 1.216 2000/05/02 21:35:24 hno Exp $ + * $Id: acl.cc,v 1.217 2000/05/02 21:38:11 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -209,6 +209,8 @@ aclStrToType(const char *s) if (!strcmp(s, "arp")) return ACL_SRC_ARP; #endif + if (!strcmp(s, "req_mime_type")) + return ACL_REQ_MIME_TYPE; return ACL_NONE; } @@ -271,6 +273,8 @@ aclTypeToStr(squid_acl type) if (type == ACL_SRC_ARP) return "arp"; #endif + if (type == ACL_REQ_MIME_TYPE) + return "req_mime_type"; return "ERROR"; } @@ -762,6 +766,9 @@ aclParseAclLine(acl ** head) aclParseArpList(&A->data); break; #endif + case ACL_REQ_MIME_TYPE: + aclParseWordList(&A->data); + break; case ACL_NONE: default: fatal("Bad ACL type"); @@ -1526,6 +1533,13 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist) case ACL_SRC_ARP: return aclMatchArp(&ae->data, checklist->src_addr); #endif + case ACL_REQ_MIME_TYPE: + header = httpHeaderGetStr(&checklist->request->header, + HDR_CONTENT_TYPE); + if (NULL == header) + header = ""; + return aclMatchRegex(ae->data, header); + /* NOTREACHED */ case ACL_NONE: default: debug(28, 0) ("aclMatchAcl: '%s' has bad type %d\n", diff --git a/src/cf.data.pre b/src/cf.data.pre index d9d9392fd9..9389574d10 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.177 2000/05/02 21:35:24 hno Exp $ +# $Id: cf.data.pre,v 1.178 2000/05/02 21:38:12 hno Exp $ # # # SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -1599,10 +1599,17 @@ DOC_START # This will be matched when the client's IP address has # more than HTTP connections established. + acl req_mime_type mime-type1 ... + # regex match agains the mime type of the request generated + # by the client. Can be used to detect file upload or some + # types HTTP tunelling requests. + # NOTE: This does NOT match the reply. You cannot use this + # to match the returned file type. Examples: acl myexample dst_as 1241 acl password proxy_auth REQUIRED +acl fileupload req_mime_type -i ^multipart/form-data$ NOCOMMENT_START #Recommended minimum configuration: diff --git a/src/enums.h b/src/enums.h index 630ffe164a..7c9038ba6c 100644 --- a/src/enums.h +++ b/src/enums.h @@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.165 2000/05/02 20:58:30 hno Exp $ + * $Id: enums.h,v 1.166 2000/05/02 21:38:12 hno Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -121,6 +121,7 @@ typedef enum { ACL_SNMP_COMMUNITY, ACL_NETDB_SRC_RTT, ACL_MAXCONN, + ACL_REQ_MIME_TYPE, ACL_ENUM_MAX } squid_acl;