diff --git a/qse/cmd/http/httpd.c b/qse/cmd/http/httpd.c
index a31c63d1..1e8b555f 100644
--- a/qse/cmd/http/httpd.c
+++ b/qse/cmd/http/httpd.c
@@ -188,7 +188,7 @@ struct loccfg_t
 {
 unsigned int allow_http: 1;
 unsigned int allow_connect: 1;
- unsigned int allow_intercept: 1;
+ unsigned int allow_intercept: 2; /* 0: no, 1: proxy, 2: local */
 unsigned int allow_upgrade: 1;
 unsigned int dns_enabled: 1;
 unsigned int urs_enabled: 1;
@@ -465,7 +465,13 @@ static int get_server_root (
 if (qinfo->client->status & QSE_HTTPD_CLIENT_INTERCEPTED)
 {
 /* transparent proxying */
- if (loccfg->proxy.allow_intercept)
+ if (loccfg->proxy.allow_intercept <= 0)
+ {
+ root->type = QSE_HTTPD_SERVERSTD_ROOT_ERROR;
+ root->u.error.code = 403; /* forbidden */
+ return 0;
+ }
+ else if (loccfg->proxy.allow_intercept <= 1)
 {
 root->type = QSE_HTTPD_SERVERSTD_ROOT_PROXY;
 root->u.proxy.dst.nwad = qinfo->client->orgdst_addr;
@@ -480,12 +486,6 @@ static int get_server_root (
 goto proxy_ok;
 }
- else
- {
- root->type = QSE_HTTPD_SERVERSTD_ROOT_ERROR;
- root->u.error.code = 403; /* forbidden */
- return 0;
- }
 }
 if (mth == QSE_HTTP_CONNECT)
@@ -1059,6 +1059,15 @@ static int get_boolean (const qse_xli_str_t* v)
 qse_strxcasecmp (v->ptr, v->len, QSE_T("on")) == 0);
 }
+static int get_intercept (const qse_xli_str_t* v)
+{
+ if (qse_strxcasecmp (v->ptr, v->len, QSE_T("local")) == 0) return 2;
+ if (qse_strxcasecmp (v->ptr, v->len, QSE_T("proxy")) == 0 ||
+ qse_strxcasecmp (v->ptr, v->len, QSE_T("yes")) == 0 ||
+ qse_strxcasecmp (v->ptr, v->len, QSE_T("on")) == 0) return 1;
+ return 0;
+}
+
 static int get_integer (const qse_xli_str_t* v)
 {
 /* TODO: be more strict */
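Review bot: The three interception modes are stored as bare numbers in `allow_intercept: 2` and explained only by the trailing comment, while get_server_root and get_intercept repeat the same literals. A small enum, for example `enum { INTERCEPT_NO = 0, INTERCEPT_PROXY = 1, INTERCEPT_LOCAL = 2 };` (names are a suggestion), would let the access-control test name the mode it checks. The 2-bit field can also hold 3, which no visible code gives a meaning to.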
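Review bot: Any value other than 0 or 1 falls through to ordinary request handling in the intercepted branch, because the `<= 0` / `<= 1` chain has no final else once the hunk at -480 removes the old 403 branch. That is the intended path for 2 (local), but an unexpected value is then treated as permitted rather than refused. Testing the modes explicitly keeps the check fail-closed: `else if (loccfg->proxy.allow_intercept == 1)` for the proxy branch, followed by `else if (loccfg->proxy.allow_intercept != 2)` returning the same 403 error root. The rest of get_server_root is outside these hunks, so it is worth confirming whether the CONNECT and proxy branches below should apply to intercepted clients in local mode.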
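Review bot: get_intercept has no comment stating its return contract, and an unrecognized value such as a misspelled mode silently becomes 0. Returning 0 is the safe default because it leads to the 403 branch, but the operator gets no diagnostic that the setting was not understood; get_boolean is only partly visible here and may behave the same way. I would add `/* returns 0 (no), 1 (proxy) or 2 (local); any other string yields 0 */` above the function and consider reporting a configuration value that matches none of the keywords.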
@@ -1474,7 +1483,7 @@ static int load_loccfg_proxy (qse_httpd_t* httpd, qse_xli_t* xli, qse_xli_list_t
 pair = QSE_NULL;
 if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("intercept"));
 if (!pair && default_proxy) pair = qse_xli_findpair (xli, default_proxy, QSE_T("intercept"));
- if (pair) cfg->proxy.allow_intercept = get_boolean ((qse_xli_str_t*)pair->val);
+ if (pair) cfg->proxy.allow_intercept = get_intercept ((qse_xli_str_t*)pair->val);
 pair = QSE_NULL;
 if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("upgrade"));
diff --git a/qse/cmd/http/httpd.conf b/qse/cmd/http/httpd.conf
index 1a487214..6ff42b1a 100644
--- a/qse/cmd/http/httpd.conf
+++ b/qse/cmd/http/httpd.conf
@@ -134,14 +134,14 @@ server-default {
 # Default proxy configuration
 ####################################################################
 proxy {
- http = yes;
- connect = yes;
- intercept = yes;
- upgrade = yes;
+ http = yes; # yes/on, no/off
+ connect = yes; # yes/on, no/off
+ intercept = yes; # yes/proxy/on, local, no/off,
+ upgrade = yes; # yes/on, no/off
 #pseudonym = "nice-host";
- dns-enabled = yes; # yes, no
+ dns-enabled = yes; # yes/on, no/off
 dns-server = "192.168.1.1:53";
 #dns-server = "[::1]:53";
 #dns-server = "@/tmp/dns.sock"; # unix socket prefixed with @
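Review bot: The new comment on `intercept` lists the accepted keywords but not what each mode does, and it ends with a stray comma after `no/off`. Going by the httpd.c hunks, `proxy` forwards to the client's original destination and `no` answers 403; `local` appears to leave the request to this server's own handling, though that code is outside the diff. A comment such as `# yes/proxy/on: forward to original destination, local: handle on this server, no/off: reject (403)` would make the access decision visible to whoever edits this sample.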