added an option to handle intercepted sessions locally
This commit is contained in:
parent
bd40641e08
commit
870f307d96
@ -188,7 +188,7 @@ struct loccfg_t
|
|||||||
{
|
{
|
||||||
unsigned int allow_http: 1;
|
unsigned int allow_http: 1;
|
||||||
unsigned int allow_connect: 1;
|
unsigned int allow_connect: 1;
|
||||||
unsigned int allow_intercept: 1;
|
unsigned int allow_intercept: 2; /* 0: no, 1: proxy, 2: local */
|
||||||
unsigned int allow_upgrade: 1;
|
unsigned int allow_upgrade: 1;
|
||||||
unsigned int dns_enabled: 1;
|
unsigned int dns_enabled: 1;
|
||||||
unsigned int urs_enabled: 1;
|
unsigned int urs_enabled: 1;
|
||||||
@ -465,7 +465,13 @@ static int get_server_root (
|
|||||||
if (qinfo->client->status & QSE_HTTPD_CLIENT_INTERCEPTED)
|
if (qinfo->client->status & QSE_HTTPD_CLIENT_INTERCEPTED)
|
||||||
{
|
{
|
||||||
/* transparent proxying */
|
/* transparent proxying */
|
||||||
if (loccfg->proxy.allow_intercept)
|
if (loccfg->proxy.allow_intercept <= 0)
|
||||||
|
{
|
||||||
|
root->type = QSE_HTTPD_SERVERSTD_ROOT_ERROR;
|
||||||
|
root->u.error.code = 403; /* forbidden */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
else if (loccfg->proxy.allow_intercept <= 1)
|
||||||
{
|
{
|
||||||
root->type = QSE_HTTPD_SERVERSTD_ROOT_PROXY;
|
root->type = QSE_HTTPD_SERVERSTD_ROOT_PROXY;
|
||||||
root->u.proxy.dst.nwad = qinfo->client->orgdst_addr;
|
root->u.proxy.dst.nwad = qinfo->client->orgdst_addr;
|
||||||
@ -480,12 +486,6 @@ static int get_server_root (
|
|||||||
|
|
||||||
goto proxy_ok;
|
goto proxy_ok;
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
root->type = QSE_HTTPD_SERVERSTD_ROOT_ERROR;
|
|
||||||
root->u.error.code = 403; /* forbidden */
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mth == QSE_HTTP_CONNECT)
|
if (mth == QSE_HTTP_CONNECT)
|
||||||
@ -1059,6 +1059,15 @@ static int get_boolean (const qse_xli_str_t* v)
|
|||||||
qse_strxcasecmp (v->ptr, v->len, QSE_T("on")) == 0);
|
qse_strxcasecmp (v->ptr, v->len, QSE_T("on")) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int get_intercept (const qse_xli_str_t* v)
|
||||||
|
{
|
||||||
|
if (qse_strxcasecmp (v->ptr, v->len, QSE_T("local")) == 0) return 2;
|
||||||
|
if (qse_strxcasecmp (v->ptr, v->len, QSE_T("proxy")) == 0 ||
|
||||||
|
qse_strxcasecmp (v->ptr, v->len, QSE_T("yes")) == 0 ||
|
||||||
|
qse_strxcasecmp (v->ptr, v->len, QSE_T("on")) == 0) return 1;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int get_integer (const qse_xli_str_t* v)
|
static int get_integer (const qse_xli_str_t* v)
|
||||||
{
|
{
|
||||||
/* TODO: be more strict */
|
/* TODO: be more strict */
|
||||||
@ -1474,7 +1483,7 @@ static int load_loccfg_proxy (qse_httpd_t* httpd, qse_xli_t* xli, qse_xli_list_t
|
|||||||
pair = QSE_NULL;
|
pair = QSE_NULL;
|
||||||
if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("intercept"));
|
if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("intercept"));
|
||||||
if (!pair && default_proxy) pair = qse_xli_findpair (xli, default_proxy, QSE_T("intercept"));
|
if (!pair && default_proxy) pair = qse_xli_findpair (xli, default_proxy, QSE_T("intercept"));
|
||||||
if (pair) cfg->proxy.allow_intercept = get_boolean ((qse_xli_str_t*)pair->val);
|
if (pair) cfg->proxy.allow_intercept = get_intercept ((qse_xli_str_t*)pair->val);
|
||||||
|
|
||||||
pair = QSE_NULL;
|
pair = QSE_NULL;
|
||||||
if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("upgrade"));
|
if (proxy) pair = qse_xli_findpair (xli, proxy, QSE_T("upgrade"));
|
||||||
|
@ -134,14 +134,14 @@ server-default {
|
|||||||
# Default proxy configuration
|
# Default proxy configuration
|
||||||
####################################################################
|
####################################################################
|
||||||
proxy {
|
proxy {
|
||||||
http = yes;
|
http = yes; # yes/on, no/off
|
||||||
connect = yes;
|
connect = yes; # yes/on, no/off
|
||||||
intercept = yes;
|
intercept = yes; # yes/proxy/on, local, no/off,
|
||||||
upgrade = yes;
|
upgrade = yes; # yes/on, no/off
|
||||||
|
|
||||||
#pseudonym = "nice-host";
|
#pseudonym = "nice-host";
|
||||||
|
|
||||||
dns-enabled = yes; # yes, no
|
dns-enabled = yes; # yes/on, no/off
|
||||||
dns-server = "192.168.1.1:53";
|
dns-server = "192.168.1.1:53";
|
||||||
#dns-server = "[::1]:53";
|
#dns-server = "[::1]:53";
|
||||||
#dns-server = "@/tmp/dns.sock"; # unix socket prefixed with @
|
#dns-server = "@/tmp/dns.sock"; # unix socket prefixed with @
|
||||||
|
Loading…
Reference in New Issue
Block a user