From: glenn <> Date: Sat, 23 Jan 1999 02:06:57 +0000 (+0000) Subject: Modified the anonymizer to be more customizable. X-Git-Tag: SQUID_3_0_PRE1~2356 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9747459028dfcab615920ccec6c1898ad49ce91f;p=thirdparty%2Fsquid.git Modified the anonymizer to be more customizable. --- diff --git a/ChangeLog b/ChangeLog index 2a0a804069..d42a9e0ab6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -58,6 +58,11 @@ Changes to Squid-2.2 (): - Fixed pconnPush() bug that prevented holding on to persistent connections (Manfred Bathelt). - Pid file now rewritten on SIGHUP. + - Rewrote the anonymizer. + - Removed the http_anonymizer option. + - Added the http_header option to allow individual referencing of + headers for addition or removal. See 'http_header' in squid.conf + for additional configuration. Changes to Squid-2.1 (November 16, 1998): diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc index bed2dd5695..1b3b9f7a02 100644 --- a/src/HttpHeader.cc +++ b/src/HttpHeader.cc @@ -1,6 +1,6 @@ /* - * $Id: HttpHeader.cc,v 1.59 1998/12/05 00:54:11 wessels Exp $ + * $Id: HttpHeader.cc,v 1.60 1999/01/22 19:06:58 glenn Exp $ * * DEBUG: section 55 HTTP Header * AUTHOR: Alex Rousskov @@ -234,15 +234,16 @@ httpHeaderInitModule() assert(8 * sizeof(HttpHeaderMask) >= HDR_ENUM_END); /* all headers must be described */ assert(countof(HeadersAttrs) == HDR_ENUM_END); - Headers = httpHeaderBuildFieldsInfo(HeadersAttrs, HDR_ENUM_END); + if(!Headers) + Headers = httpHeaderBuildFieldsInfo(HeadersAttrs, HDR_ENUM_END); /* create masks */ - httpHeaderMaskInit(&ListHeadersMask); + httpHeaderMaskInit(&ListHeadersMask, 0); httpHeaderCalcMask(&ListHeadersMask, (const int *) ListHeadersArr, countof(ListHeadersArr)); - httpHeaderMaskInit(&ReplyHeadersMask); + httpHeaderMaskInit(&ReplyHeadersMask, 0); httpHeaderCalcMask(&ReplyHeadersMask, (const int *) ReplyHeadersArr, countof(ReplyHeadersArr)); httpHeaderCalcMask(&ReplyHeadersMask, (const int *) GeneralHeadersArr, countof(GeneralHeadersArr)); httpHeaderCalcMask(&ReplyHeadersMask, (const int *) EntityHeadersArr, countof(EntityHeadersArr)); - httpHeaderMaskInit(&RequestHeadersMask); + httpHeaderMaskInit(&RequestHeadersMask, 0); httpHeaderCalcMask(&RequestHeadersMask, (const int *) RequestHeadersArr, countof(RequestHeadersArr)); httpHeaderCalcMask(&RequestHeadersMask, (const int *) GeneralHeadersArr, countof(GeneralHeadersArr)); httpHeaderCalcMask(&RequestHeadersMask, (const int *) EntityHeadersArr, countof(EntityHeadersArr)); @@ -488,7 +489,7 @@ httpHeaderDelByName(HttpHeader * hdr, const char *name) int count = 0; HttpHeaderPos pos = HttpHeaderInitPos; HttpHeaderEntry *e; - httpHeaderMaskInit(&hdr->mask); /* temporal inconsistency */ + httpHeaderMaskInit(&hdr->mask, 0); /* temporal inconsistency */ debug(55, 7) ("deleting '%s' fields in hdr %p\n", name, hdr); while ((e = httpHeaderGetEntry(hdr, &pos))) { if (!strCaseCmp(e->name, name)) { @@ -1061,3 +1062,26 @@ httpHeaderStoreReport(StoreEntry * e) HttpHeaderStats[0].parsedCount); storeAppendPrintf(e, "Hdr Fields Parsed: %d\n", HeaderEntryParsedCount); } + +int +httpHeaderIdByName(const char *name, int name_len, const HttpHeaderFieldInfo * info, int end) +{ + int i; + for (i = 0; i < end; ++i) { + if (name_len >= 0 && name_len != strLen(info[i].name)) + continue; + if (!strncasecmp(name, strBuf(info[i].name), + name_len < 0 ? strLen(info[i].name) + 1 : name_len)) + return i; + } + return -1; +} + +int +httpHeaderIdByNameDef(const char *name, int name_len) +{ + if (!Headers) + Headers = httpHeaderBuildFieldsInfo(HeadersAttrs, HDR_ENUM_END); + return httpHeaderIdByName(name, name_len, Headers, HDR_ENUM_END); +} + diff --git a/src/HttpHeaderTools.cc b/src/HttpHeaderTools.cc index 47a980e7e0..3a6427aea5 100644 --- a/src/HttpHeaderTools.cc +++ b/src/HttpHeaderTools.cc @@ -1,5 +1,5 @@ /* - * $Id: HttpHeaderTools.cc,v 1.22 1999/01/11 21:55:36 wessels Exp $ + * $Id: HttpHeaderTools.cc,v 1.23 1999/01/22 19:06:59 glenn Exp $ * * DEBUG: section 66 HTTP Header Tools * AUTHOR: Alex Rousskov @@ -76,9 +76,9 @@ httpHeaderDestroyFieldsInfo(HttpHeaderFieldInfo * table, int count) } void -httpHeaderMaskInit(HttpHeaderMask * mask) +httpHeaderMaskInit(HttpHeaderMask * mask, int value) { - memset(mask, 0, sizeof(*mask)); + memset(mask, value, sizeof(*mask)); } /* calculates a bit mask of a given array; does not reset mask! */ @@ -95,21 +95,6 @@ httpHeaderCalcMask(HttpHeaderMask * mask, const int *enums, int count) } } - -int -httpHeaderIdByName(const char *name, int name_len, const HttpHeaderFieldInfo * info, int end) -{ - int i; - for (i = 0; i < end; ++i) { - if (name_len >= 0 && name_len != strLen(info[i].name)) - continue; - if (!strncasecmp(name, strBuf(info[i].name), - name_len < 0 ? strLen(info[i].name) + 1 : name_len)) - return i; - } - return -1; -} - /* same as httpHeaderPutStr, but formats the string using snprintf first */ #if STDC_HEADERS void diff --git a/src/HttpReply.cc b/src/HttpReply.cc index cea80a4e9a..5ef37cd6de 100644 --- a/src/HttpReply.cc +++ b/src/HttpReply.cc @@ -1,6 +1,6 @@ /* - * $Id: HttpReply.cc,v 1.34 1998/12/05 00:54:11 wessels Exp $ + * $Id: HttpReply.cc,v 1.35 1999/01/22 19:07:00 glenn Exp $ * * DEBUG: section 58 HTTP Reply (Response) * AUTHOR: Alex Rousskov @@ -62,7 +62,7 @@ static int httpReplyIsolateStart(const char **parse_start, const char **blk_star void httpReplyInitModule() { - httpHeaderMaskInit(&Denied304HeadersMask); + httpHeaderMaskInit(&Denied304HeadersMask, 0); httpHeaderCalcMask(&Denied304HeadersMask, (const int *) Denied304HeadersArr, countof(Denied304HeadersArr)); } diff --git a/src/HttpRequest.cc b/src/HttpRequest.cc index d19ac3bc2d..7b520fac8c 100644 --- a/src/HttpRequest.cc +++ b/src/HttpRequest.cc @@ -1,6 +1,6 @@ /* - * $Id: HttpRequest.cc,v 1.20 1999/01/11 22:23:07 wessels Exp $ + * $Id: HttpRequest.cc,v 1.21 1999/01/22 19:07:00 glenn Exp $ * * DEBUG: section 73 HTTP Request * AUTHOR: Duane Wessels @@ -146,14 +146,11 @@ int httpRequestHdrAllowed(const HttpHeaderEntry * e, String * strConn) { assert(e); - /* check connection header first */ + /* check with anonymizer tables */ + if (CBIT_TEST(Config.http_header, e->id)) + return 0; + /* check connection header */ if (strConn && strListIsMember(strConn, strBuf(e->name), ',')) return 0; - /* check with anonymizer tables */ - if (Config.onoff.anonymizer == ANONYMIZER_PARANOID) { - return httpAnonHdrAllowed(e->id); - } else if (Config.onoff.anonymizer == ANONYMIZER_STANDARD) { - return !httpAnonHdrDenied(e->id); - } return 1; } diff --git a/src/Makefile.in b/src/Makefile.in index d15d3b4675..c182b1ea1b 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,7 +1,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.167 1999/01/13 23:24:09 wessels Exp $ +# $Id: Makefile.in,v 1.168 1999/01/22 19:07:01 glenn Exp $ # # Uncomment and customize the following to suit your needs: # @@ -110,7 +110,6 @@ OBJS = \ helper.o \ @HTCP_OBJS@ \ http.o \ - http-anon.o \ HttpStatusLine.o \ HttpHdrCc.o \ HttpHdrRange.o \ diff --git a/src/cache_cf.cc b/src/cache_cf.cc index f23d6fe46a..b774f41be4 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.cc,v 1.319 1999/01/21 23:15:35 wessels Exp $ + * $Id: cache_cf.cc,v 1.320 1999/01/22 19:07:02 glenn Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -56,6 +56,8 @@ static const char *const B_GBYTES_STR = "GB"; static const char *const list_sep = ", \t\n\r"; +static int http_header_first = 0; + static void self_destruct(void); static void configDoConfigure(void); @@ -72,6 +74,9 @@ static size_t parseBytesUnits(const char *unit); static void free_all(void); static void requirePathnameExists(const char *name, const char *path); static OBJH dump_config; +static void dump_http_header(StoreEntry * entry, const char *name, HttpHeaderMask header); +static void parse_http_header(HttpHeaderMask * header); +static void free_http_header(HttpHeaderMask *header); static void self_destruct(void) @@ -510,6 +515,57 @@ free_address(struct in_addr *addr) memset(addr, '\0', sizeof(struct in_addr)); } +static void +dump_http_header(StoreEntry * entry, const char *name, HttpHeaderMask header) +{ + storeAppendPrintf(entry, "%s\n", name); +} + +static void +parse_http_header(HttpHeaderMask * header) +{ + int allowed, id; + char *t = NULL; + + if ((t = strtok(NULL, w_space)) == NULL) { + debug(3, 0) ("%s line %d: %s\n", + cfg_filename, config_lineno, config_input_line); + debug(3, 0) ("parse_http_header: missing 'allow' or 'deny'.\n"); + return; + } + if (!strcmp(t, "allow")) + allowed = 1; + else if (!strcmp(t, "deny")) + allowed = 0; + else { + debug(3, 0) ("%s line %d: %s\n", + cfg_filename, config_lineno, config_input_line); + debug(3, 0) ("parse_http_header: expecting 'allow' or 'deny', got '%s'.\n", t); + return; + } + + if(!http_header_first){ + http_header_first = 1; + if (allowed) + httpHeaderMaskInit(header, 0xFF); + } + + while ((t = strtok(NULL, w_space))) { + if ((id = httpHeaderIdByNameDef(t, strlen(t))) == -1) + id = HDR_OTHER; + if (allowed) + CBIT_CLR(*header, id); + else + CBIT_SET(*header, id); + } +} + +static void +free_http_header(HttpHeaderMask *header) +{ + httpHeaderMaskInit(header, 0); +} + static void dump_cachedir(StoreEntry * entry, const char *name, cacheSwap swap) { @@ -951,38 +1007,6 @@ parse_hostdomaintype(void) } } -static void -dump_httpanonymizer(StoreEntry * entry, const char *name, int var) -{ - switch (var) { - case ANONYMIZER_NONE: - storeAppendPrintf(entry, "%s off\n", name); - break; - case ANONYMIZER_STANDARD: - storeAppendPrintf(entry, "%s paranoid\n", name); - break; - case ANONYMIZER_PARANOID: - storeAppendPrintf(entry, "%s standard\n", name); - break; - } -} - -static void -parse_httpanonymizer(int *var) -{ - char *token; - token = strtok(NULL, w_space); - if (token == NULL) - self_destruct(); - if (!strcasecmp(token, "off")) - *var = ANONYMIZER_NONE; - else if (!strcasecmp(token, "paranoid")) - *var = ANONYMIZER_PARANOID; - else - *var = ANONYMIZER_STANDARD; -} - - static void dump_ushortlist(StoreEntry * entry, const char *name, ushortlist * u) { diff --git a/src/cf.data.pre b/src/cf.data.pre index 0b73dd5bfe..bab4c6a37e 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.133 1999/01/21 23:58:41 wessels Exp $ +# $Id: cf.data.pre,v 1.134 1999/01/22 19:07:03 glenn Exp $ # # # SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -2062,25 +2062,6 @@ DOC_START store_objects_per_bucket 20 DOC_END - -NAME: http_anonymizer -TYPE: httpanonymizer -LOC: Config.onoff.anonymizer -DEFAULT: off -DOC_START - If you want to filter out certain HTTP request headers for - privacy reasons, enable this option. There are three - appropriate settings: - 'off' All HTTP request headers are passed. - 'standard' Specific headers are removed - 'paranoid' Only specific headers are allowed. - To see which headers are allowed or denied, please see the - http-anon.c source file. - -http_anonymizer off -DOC_END - - NAME: client_db COMMENT: on|off TYPE: onoff @@ -2262,14 +2243,46 @@ DOC_START and firewall_ip. DOC_END +NAME: http_header +TYPE: http_header +LOC: Config.http_header +DEFAULT: none +DOC_START + Lets you to configure which headers are passed by squid + to allow you to anonymize the requests delivered by your + proxy server. Please read the HTTP rfc's for header names + and functions. + + There are two methods of using this command. You can choose + two methods either: + + http_header allow header_name ... + + Which denys all headers expect for those listed. Or : + + http_header deny header_name ... + + Which allows all headers except for those listed. By default + all headers are allowed. You CAN NOT have allow and deny + commands together in the same configuration. + + usage: + + http_header allow|deny header_name ... + +Example: +This example acts like the old standard configuration: + +http_header deny From Referer Server User-Agent WWW-Authenticate Link +DOC_END + NAME: fake_user_agent TYPE: eol LOC: Config.fake_ua DEFAULT: none DOC_START - If you use the paranoid http_anonymizer setting, Squid will strip - your User-agent string from the request. Some Web servers will - refuse your request without a User-agent string. Use this to + If you filter the User-Agent header with 'http_header' it will + cause some Web servers to refuse your request. Use this to fake one up. For example: fake_user_agent Nutscrape/1.0 (CP/M; 8-bit) diff --git a/src/main.cc b/src/main.cc index bd01309cf4..1dce1b8063 100644 --- a/src/main.cc +++ b/src/main.cc @@ -1,6 +1,6 @@ /* - * $Id: main.cc,v 1.287 1999/01/21 21:13:02 wessels Exp $ + * $Id: main.cc,v 1.288 1999/01/22 19:07:04 glenn Exp $ * * DEBUG: section 1 Startup and Main Loop * AUTHOR: Harvest Derived @@ -410,7 +410,6 @@ mainInitialize(void) authenticateInit(); useragentOpenLog(); httpHeaderInitModule(); /* must go before any header processing (e.g. the one in errorInitialize) */ - httpAnonInitModule(); /* must go before accepting requests */ httpReplyInitModule(); /* must go before accepting replies */ errorInitialize(); accessLogInit(); diff --git a/src/protos.h b/src/protos.h index 935a18067d..53e4ce169b 100644 --- a/src/protos.h +++ b/src/protos.h @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.309 1999/01/21 21:13:04 wessels Exp $ + * $Id: protos.h,v 1.310 1999/01/22 19:07:05 glenn Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -355,7 +355,8 @@ extern void httpHdrContRangeSet(HttpHdrContRange *, HttpHdrRangeSpec, size_t ent extern HttpHeaderFieldInfo *httpHeaderBuildFieldsInfo(const HttpHeaderFieldAttrs * attrs, int count); extern void httpHeaderDestroyFieldsInfo(HttpHeaderFieldInfo * info, int count); extern int httpHeaderIdByName(const char *name, int name_len, const HttpHeaderFieldInfo * attrs, int end); -extern void httpHeaderMaskInit(HttpHeaderMask * mask); +extern int httpHeaderIdByNameDef(const char *name, int name_len); +extern void httpHeaderMaskInit(HttpHeaderMask * mask, int value); extern void httpHeaderCalcMask(HttpHeaderMask * mask, const int *enums, int count); extern int httpHeaderHasConnDir(const HttpHeader * hdr, const char *directive); extern void httpHeaderAddContRange(HttpHeader * hdr, HttpHdrRangeSpec spec, size_t ent_len); diff --git a/src/structs.h b/src/structs.h index 8171395869..9c9b4b2ea8 100644 --- a/src/structs.h +++ b/src/structs.h @@ -1,7 +1,7 @@ /* - * $Id: structs.h,v 1.267 1999/01/21 23:58:47 wessels Exp $ + * $Id: structs.h,v 1.268 1999/01/22 19:07:06 glenn Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -429,6 +429,7 @@ struct _SquidConfig { char *encode_key; } mcast_miss; #endif + HttpHeaderMask http_header; }; struct _SquidConfig2 {