From 6fff352a49eeac647c7994e877f7baf63e93e89e Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 11 Feb 2011 13:20:12 -0700
Subject: [PATCH] Prevent CONNECT request relaying to origin servers

CONNECT requests are proxy requests not to be forwarded to origins
---
 src/neighbors.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/neighbors.cc b/src/neighbors.cc
index e5ea243f6c..ad9ec5bbda 100644
--- a/src/neighbors.cc
+++ b/src/neighbors.cc
@@ -167,6 +167,10 @@ peerAllowedToUse(const peer * p, HttpRequest * request)
             return 0;
     }
 
+    // CONNECT requests are proxy requests. Not to be forwarded to origin servers.
+    if (p->options.originserver && request->method == METHOD_CONNECT)
+        return 0;
+
     if (p->peer_domain == NULL && p->access == NULL)
         return do_ping;
 
-- 
2.47.2