Index: squid/src/HttpHeaderTools.c diff -c squid/src/HttpHeaderTools.c:1.32.2.2 squid/src/HttpHeaderTools.c:1.32.2.3 *** squid/src/HttpHeaderTools.c:1.32.2.2 Mon May 26 06:14:27 2003 --- squid/src/HttpHeaderTools.c Sat Sep 25 05:56:16 2004 *************** *** 422,434 **** static int httpHdrMangle(HttpHeaderEntry * e, request_t * request) { ! int retval; /* check with anonymizer tables */ header_mangler *hm; aclCheck_t *checklist; assert(e); ! hm = &Config.header_access[e->id]; checklist = aclChecklistCreate(hm->access_list, request, NULL); if (1 == aclCheckFast(hm->access_list, checklist)) { /* aclCheckFast returns 1 for allow. */ --- 422,444 ---- static int httpHdrMangle(HttpHeaderEntry * e, request_t * request) { ! int retval = 1; /* check with anonymizer tables */ header_mangler *hm; aclCheck_t *checklist; assert(e); ! if (e->id == HDR_OTHER) { ! for (hm = Config.header_access[HDR_OTHER].next; hm; hm = hm->next) { ! if (strCmp(e->name, hm->name) == 0) ! break; ! } ! if (!hm) ! return 1; ! } else ! hm = &Config.header_access[e->id]; ! if (!hm->access_list) ! return 1; checklist = aclChecklistCreate(hm->access_list, request, NULL); if (1 == aclCheckFast(hm->access_list, checklist)) { /* aclCheckFast returns 1 for allow. */ *************** *** 442,452 **** * is allowed. */ stringReset(&e->value, hm->replacement); ! retval = 1; } - aclChecklistFree(checklist); ! return retval; } /* Mangles headers for a list of headers. */ --- 452,462 ---- * is allowed. */ stringReset(&e->value, hm->replacement); ! retval = -1; } aclChecklistFree(checklist); ! ! return retval != 0; } /* Mangles headers for a list of headers. */ Index: squid/src/acl.c diff -c squid/src/acl.c:1.270.2.28 squid/src/acl.c:1.270.2.29 *** squid/src/acl.c:1.270.2.28 Wed Sep 1 06:21:49 2004 --- squid/src/acl.c Sat Sep 25 05:56:16 2004 *************** *** 65,70 **** --- 65,72 ---- static void aclDestroyUserMaxIP(void *data); static wordlist *aclDumpUserMaxIP(void *data); static int aclMatchUserMaxIP(void *, auth_user_request_t *, struct in_addr); + static void aclParseHeader(void *data); + static void aclDestroyHeader(void *data); static squid_acl aclStrToType(const char *s); static int decode_addr(const char *, struct in_addr *, struct in_addr *); static void aclCheck(aclCheck_t * checklist); *************** *** 174,179 **** --- 176,185 ---- return ACL_REQ_MIME_TYPE; if (!strcmp(s, "rep_mime_type")) return ACL_REP_MIME_TYPE; + if (!strcmp(s, "rep_header")) + return ACL_REP_HEADER; + if (!strcmp(s, "req_header")) + return ACL_REQ_HEADER; if (!strcmp(s, "max_user_ip")) return ACL_MAX_USER_IP; if (!strcmp(s, "external")) *************** *** 250,255 **** --- 256,265 ---- return "req_mime_type"; if (type == ACL_REP_MIME_TYPE) return "rep_mime_type"; + if (type == ACL_REP_HEADER) + return "rep_header"; + if (type == ACL_REQ_HEADER) + return "req_header"; if (type == ACL_MAX_USER_IP) return "max_user_ip"; if (type == ACL_EXTERNAL) *************** *** 617,622 **** --- 627,707 ---- } } + static void + aclParseHeader(void *data) + { + char *t; + acl_hdr_data **hd = data; + acl_hdr_data *q; + + t = strtokFile(); + if (NULL == t) { + debug(28, 0) ("%s line %d: %s\n", cfg_filename, config_lineno, config_input_line); + debug(28, 0) ("aclParseHeader: No data defined '%s'\n", t); + return; + } + q = xcalloc(1, sizeof(acl_hdr_data)); + q->hdr_name = xstrdup(t); + q->hdr_id = httpHeaderIdByNameDef(t, strlen(t)); + aclParseRegexList(q->reglist); + if (!q->reglist) { + debug(28, 0) ("%s line %d: %s\n", cfg_filename, config_lineno, config_input_line); + debug(28, 0) ("aclParseHeader: No pattern defined '%s'\n", t); + aclDestroyHeader(&q); + return; + } + while (*hd) + hd = &(*hd)->next; + *hd = q; + } + + static int + aclMatchHeader(acl_hdr_data * hdrs, const HttpHeader * hdr) + { + acl_hdr_data *hd; + for (hd = hdrs; hd; hd = hd->next) { + int ret; + String header; + if (hd->hdr_id != -1) + header = httpHeaderGetStrOrList(hdr, hd->hdr_id); + else + header = httpHeaderGetByName(hdr, hd->hdr_name); + if (!strBuf(header)) + continue; + ret = aclMatchRegex(hd->reglist, strBuf(header)); + stringClean(&header); + if (ret) + return 1; + } + return 0; + } + + void + aclDestroyHeader(void *data) + { + acl_hdr_data **acldata = data; + while (*acldata) { + acl_hdr_data *q = *acldata; + *acldata = q->next; + if (q->reglist) + aclDestroyRegexList((*acldata)->reglist); + safe_free(q); + } + } + + static wordlist * + aclDumpHeader(acl_hdr_data * hd) + { + wordlist *W = NULL; + relist *data = hd->reglist; + wordlistAdd(&W, httpHeaderNameById(hd->hdr_id)); + while (data != NULL) { + wordlistAdd(&W, data->pattern); + data = data->next; + } + return aclDumpRegexList(hd->reglist); + } + #if SQUID_SNMP static void aclParseWordList(void *curlist) *************** *** 763,768 **** --- 848,857 ---- case ACL_REP_MIME_TYPE: aclParseRegexList(&A->data); break; + case ACL_REP_HEADER: + case ACL_REQ_HEADER: + aclParseHeader(&A->data); + break; case ACL_SRC_ASN: case ACL_MAXCONN: case ACL_DST_ASN: *************** *** 1482,1487 **** --- 1571,1578 ---- case ACL_PROXY_AUTH_REGEX: case ACL_REP_MIME_TYPE: case ACL_REQ_MIME_TYPE: + case ACL_REP_HEADER: + case ACL_REQ_HEADER: case ACL_URLPATH_REGEX: case ACL_URL_PORT: case ACL_URL_REGEX: *************** *** 1702,1707 **** --- 1793,1806 ---- header = ""; return aclMatchRegex(ae->data, header); /* NOTREACHED */ + case ACL_REP_HEADER: + if (!checklist->reply) + return 0; + return aclMatchHeader(ae->data, &checklist->reply->header); + /* NOTREACHED */ + case ACL_REQ_HEADER: + return aclMatchHeader(ae->data, &checklist->request->header); + /* NOTREACHED */ case ACL_EXTERNAL: return aclMatchExternal(ae->data, checklist); /* NOTREACHED */ *************** *** 2172,2177 **** --- 2271,2280 ---- case ACL_REQ_MIME_TYPE: aclDestroyRegexList(a->data); break; + case ACL_REP_HEADER: + case ACL_REQ_HEADER: + aclDestroyHeader(a->data); + break; case ACL_PROTO: case ACL_METHOD: case ACL_SRC_ASN: *************** *** 2587,2592 **** --- 2690,2698 ---- case ACL_REQ_MIME_TYPE: case ACL_REP_MIME_TYPE: return aclDumpRegexList(a->data); + case ACL_REQ_HEADER: + case ACL_REP_HEADER: + return aclDumpHeader(a->data); case ACL_SRC_ASN: case ACL_MAXCONN: case ACL_DST_ASN: Index: squid/src/cache_cf.c diff -c squid/src/cache_cf.c:1.396.2.17 squid/src/cache_cf.c:1.396.2.18 *** squid/src/cache_cf.c:1.396.2.17 Thu Apr 29 17:56:50 2004 --- squid/src/cache_cf.c Sat Sep 25 05:56:16 2004 *************** *** 917,928 **** dump_http_header_access(StoreEntry * entry, const char *name, header_mangler header[]) { int i; for (i = 0; i < HDR_ENUM_END; i++) { ! if (header[i].access_list != NULL) { ! storeAppendPrintf(entry, "%s ", name); ! dump_acl_access(entry, httpHeaderNameById(i), ! header[i].access_list); ! } } } --- 917,936 ---- dump_http_header_access(StoreEntry * entry, const char *name, header_mangler header[]) { int i; + header_mangler *other; for (i = 0; i < HDR_ENUM_END; i++) { ! if (header[i].access_list == NULL) ! continue; ! storeAppendPrintf(entry, "%s ", name); ! dump_acl_access(entry, httpHeaderNameById(i), ! header[i].access_list); ! } ! for (other = header[HDR_OTHER].next; other; other = other->next) { ! if (other->access_list == NULL) ! continue; ! storeAppendPrintf(entry, "%s ", name); ! dump_acl_access(entry, other->name, ! other->access_list); } } *************** *** 944,952 **** else if (strcmp(t, "Other") == 0) id = HDR_OTHER; else if (id == -1) { ! debug(3, 0) ("%s line %d: %s\n", ! cfg_filename, config_lineno, config_input_line); ! debug(3, 0) ("parse_http_header_access: unknown header name %s.\n", t); return; } if (id != HDR_ENUM_END) { --- 952,967 ---- else if (strcmp(t, "Other") == 0) id = HDR_OTHER; else if (id == -1) { ! header_mangler *hdr = header[HDR_OTHER].next; ! while (hdr && strcasecmp(hdr->name, t) != 0) ! hdr = hdr->next; ! if (!hdr) { ! hdr = xcalloc(1, sizeof *hdr); ! hdr->name = xstrdup(t); ! hdr->next = header[HDR_OTHER].next; ! header[HDR_OTHER].next = hdr; ! } ! parse_acl_access(&hdr->access_list); return; } if (id != HDR_ENUM_END) { *************** *** 968,976 **** --- 983,1004 ---- free_http_header_access(header_mangler header[]) { int i; + header_mangler **hdrp; for (i = 0; i < HDR_ENUM_END; i++) { free_acl_access(&header[i].access_list); } + hdrp = &header[HDR_OTHER].next; + while (*hdrp) { + header_mangler *hdr = *hdrp; + free_acl_access(&hdr->access_list); + if (!hdr->replacement) { + *hdrp = hdr->next; + safe_free(hdr->name); + safe_free(hdr); + } else { + hdrp = &hdr->next; + } + } } static void *************** *** 978,989 **** --- 1006,1023 ---- header[]) { int i; + header_mangler *other; for (i = 0; i < HDR_ENUM_END; i++) { if (NULL == header[i].replacement) continue; storeAppendPrintf(entry, "%s %s %s\n", name, httpHeaderNameById(i), header[i].replacement); } + for (other = header[HDR_OTHER].next; other; other = other->next) { + if (other->replacement == NULL) + continue; + storeAppendPrintf(entry, "%s %s %s\n", name, other->name, other->replacement); + } } static void *************** *** 1004,1013 **** else if (strcmp(t, "Other") == 0) id = HDR_OTHER; else if (id == -1) { ! debug(3, 0) ("%s line %d: %s\n", ! cfg_filename, config_lineno, config_input_line); ! debug(3, 0) ("parse_http_header_replace: unknown header name %s.\n", ! t); return; } if (id != HDR_ENUM_END) { --- 1038,1055 ---- else if (strcmp(t, "Other") == 0) id = HDR_OTHER; else if (id == -1) { ! header_mangler *hdr = header[HDR_OTHER].next; ! while (hdr && strcasecmp(hdr->name, t) != 0) ! hdr = hdr->next; ! if (!hdr) { ! hdr = xcalloc(1, sizeof *hdr); ! hdr->name = xstrdup(t); ! hdr->next = header[HDR_OTHER].next; ! header[HDR_OTHER].next = hdr; ! } ! if (hdr->replacement != NULL) ! safe_free(hdr->replacement); ! hdr->replacement = xstrdup(t + strlen(t) + 1); return; } if (id != HDR_ENUM_END) { *************** *** 1027,1036 **** --- 1069,1091 ---- free_http_header_replace(header_mangler header[]) { int i; + header_mangler **hdrp; for (i = 0; i < HDR_ENUM_END; i++) { if (header[i].replacement != NULL) safe_free(header[i].replacement); } + hdrp = &header[HDR_OTHER].next; + while (*hdrp) { + header_mangler *hdr = *hdrp; + free_acl_access(&hdr->access_list); + if (!hdr->access_list) { + *hdrp = hdr->next; + safe_free(hdr->name); + safe_free(hdr); + } else { + hdrp = &hdr->next; + } + } } #endif Index: squid/src/cf.data.pre diff -c squid/src/cf.data.pre:1.245.2.72 squid/src/cf.data.pre:1.245.2.73 *** squid/src/cf.data.pre:1.245.2.72 Sat Aug 14 15:01:33 2004 --- squid/src/cf.data.pre Sat Sep 25 05:56:16 2004 *************** *** 2028,2034 **** acl aclname proto HTTP FTP ... acl aclname method GET POST ... acl aclname browser [-i] regexp ... ! # pattern match on User-Agent header acl aclname referer_regex [-i] regexp ... # pattern match on Referer header # Referer is highly unreliable, so use with care --- 2028,2034 ---- acl aclname proto HTTP FTP ... acl aclname method GET POST ... acl aclname browser [-i] regexp ... ! # pattern match on User-Agent header (see also req_header below) acl aclname referer_regex [-i] regexp ... # pattern match on Referer header # Referer is highly unreliable, so use with care *************** *** 2087,2098 **** # going through proxy farms, so a limit of 1 may cause user problems. acl aclname req_mime_type mime-type1 ... ! # regex match agains the mime type of the request generated # by the client. Can be used to detect file upload or some # types HTTP tunelling requests. # NOTE: This does NOT match the reply. You cannot use this # to match the returned file type. acl aclname rep_mime_type mime-type1 ... # regex match against the mime type of the reply recieved by # squid. Can be used to detect file download or some --- 2087,2103 ---- # going through proxy farms, so a limit of 1 may cause user problems. acl aclname req_mime_type mime-type1 ... ! # regex match against the mime type of the request generated # by the client. Can be used to detect file upload or some # types HTTP tunelling requests. # NOTE: This does NOT match the reply. You cannot use this # to match the returned file type. + acl aclname req_header header-name [-i] any\.regex\.here + # regex match against any of the known request headers. May be + # thought of as a superset of "browser", "referer" and "mime-type" + # acls. + acl aclname rep_mime_type mime-type1 ... # regex match against the mime type of the reply recieved by # squid. Can be used to detect file download or some *************** *** 2101,2106 **** --- 2106,2117 ---- # effect in rules that affect the reply data stream such as # http_reply_access. + acl aclname rep_header header-name [-i] any\.regex\.here + # regex match against any of the known response headers. + # Example: + # + # acl many_spaces rep_header Content-Disposition -i [[:space:]]{3,} + acl acl_name external class_name [arguments...] # external ACL lookup via a helper class defined by the # external_acl_type directive. Index: squid/src/enums.h diff -c squid/src/enums.h:1.203.2.11 squid/src/enums.h:1.203.2.12 *** squid/src/enums.h:1.203.2.11 Wed Sep 1 07:55:47 2004 --- squid/src/enums.h Sat Sep 25 05:56:16 2004 *************** *** 134,139 **** --- 134,141 ---- ACL_MAXCONN, ACL_REQ_MIME_TYPE, ACL_REP_MIME_TYPE, + ACL_REP_HEADER, + ACL_REQ_HEADER, ACL_MAX_USER_IP, ACL_EXTERNAL, ACL_URLLOGIN, Index: squid/src/structs.h diff -c squid/src/structs.h:1.408.2.25 squid/src/structs.h:1.408.2.26 *** squid/src/structs.h:1.408.2.25 Sat Jul 17 16:37:30 2004 --- squid/src/structs.h Sat Sep 25 05:56:16 2004 *************** *** 88,93 **** --- 88,100 ---- void *acl_data; }; + struct _acl_hdr_data { + acl_hdr_data *next; + relist *reglist; + http_hdr_type hdr_id; + const char *hdr_name; + }; + struct _auth_user_hash_pointer { /* first two items must be same as hash_link */ char *key; *************** *** 214,219 **** --- 221,229 ---- struct _header_mangler { acl_access *access_list; char *replacement; + /* What follows is only used by HDR_OTHER to build a list of named headers */ + char *name; + header_mangler *next; }; struct _body_size { Index: squid/src/typedefs.h diff -c squid/src/typedefs.h:1.132.2.4 squid/src/typedefs.h:1.132.2.5 *** squid/src/typedefs.h:1.132.2.4 Wed Feb 4 10:42:29 2004 --- squid/src/typedefs.h Sat Sep 25 05:56:16 2004 *************** *** 66,71 **** --- 66,72 ---- typedef struct _auth_user_hash_pointer auth_user_hash_pointer; typedef struct _auth_user_ip_t auth_user_ip_t; typedef struct _acl_proxy_auth_match_cache acl_proxy_auth_match_cache; + typedef struct _acl_hdr_data acl_hdr_data; typedef struct _authscheme_entry authscheme_entry_t; typedef struct _authScheme authScheme; typedef struct _acl_user_data acl_user_data;

AltStyle によって変換されたページ (->オリジナル) /