From s.@apache.org
Subject svn commit: r932927 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_proxy_connect.xml modules/proxy/mod_proxy_connect.c
Date Sun, 11 Apr 2010 15:54:03 GMT
Author: sf
Date: Sun Apr 11 15:54:02 2010
New Revision: 932927

URL: http://svn.apache.org/viewvc?rev=932927&view=rev
Log:
mod_proxy_connect: Support port ranges in AllowConnect

PR: 23673

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/docs/manual/mod/mod_proxy_connect.xml
    httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=932927&r1=932926&r2=932927&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Apr 11 15:54:02 2010
@@ -28,6 +28,9 @@ Changes with Apache 2.3.7
      processing is completed, avoiding orphaned callback pointers.
      [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
 
+  *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
+     [Stefan Fritsch]
+
   *) Proxy balancer: support setting error status according to HTTP response
      code from a backend.  PR 48939.  [Daniel Ruggeri <DRuggeri primary.net>]
 

Modified: httpd/httpd/trunk/docs/manual/mod/mod_proxy_connect.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy_connect.xml?rev=932927&r1=932926&r2=932927&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_proxy_connect.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_proxy_connect.xml Sun Apr 11 15:54:02 2010
@@ -58,16 +58,18 @@
 <name>AllowCONNECT</name>
 <description>Ports that are allowed to <code>CONNECT</code> through the
 proxy</description>
-<syntax>AllowCONNECT <var>port</var> [<var>port</var>] ...</syntax>
+<syntax>AllowCONNECT <var>port</var>[-<var>port</var>]
+[<var>port</var>[-<var>port</var>]] ...</syntax>
 <default>AllowCONNECT 443 563</default>
 <contextlist><context>server config</context><context>virtual host</context>
 </contextlist>
-<compatibility>Moved from <module>mod_proxy</module> in Apache 2.3.5.</compatibility>
+<compatibility>Moved from <module>mod_proxy</module> in Apache 2.3.5.
+Port ranges available since Apache 2.3.7.</compatibility>
 
 <usage>
     <p>The <directive>AllowCONNECT</directive> directive specifies a list
-    of port numbers to which the proxy <code>CONNECT</code> method may
-    connect.  Today's browsers use this method when a <code>https</code>
+    of port numbers or ranges to which the proxy <code>CONNECT</code> method
+    may connect.  Today's browsers use this method when a <code>https</code>
     connection is requested and proxy tunneling over HTTP is in effect.</p>
 
     <p>By default, only the default https port (<code>443</code>) and the

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c?rev=932927&r1=932926&r2=932927&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_connect.c Sun Apr 11 15:54:02 2010
@@ -50,10 +50,15 @@ typedef struct {
     apr_array_header_t *allowed_connect_ports;
 } connect_conf;
 
+typedef struct {
+    int first;
+    int last;
+} port_range;
+
 static void *create_config(apr_pool_t *p, server_rec *s)
 {
     connect_conf *c = apr_pcalloc(p, sizeof(connect_conf));
-    c->allowed_connect_ports = apr_array_make(p, 10, sizeof(int));
+    c->allowed_connect_ports = apr_array_make(p, 10, sizeof(port_range));
     return c;
 }
 
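Review bot: The new `port_range` typedef has no comment stating its contract, which `allowed_port()` and `set_allowed_ports()` both rely on: the bounds are inclusive, and a single port is stored as `first == last`. A short comment above the struct would cover it, for example `/* Inclusive range of ports CONNECT may target; a single port has first == last. */`. It is also worth noting there that `allowed_connect_ports` now holds `port_range` elements rather than `int`, since any other reader of that array would need the same change.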
@@ -78,15 +83,33 @@ static const char *
     set_allowed_ports(cmd_parms *parms, void *dummy, const char *arg)
 {
     server_rec *s = parms->server;
+    int first, last;
     connect_conf *conf =
         ap_get_module_config(s->module_config, &proxy_connect_module);
-    int *New;
+    port_range *New;
+    char *endptr;
+    const char *p = arg;
 
     if (!apr_isdigit(arg[0]))
-        return "AllowCONNECT: port number must be numeric";
+        return "AllowCONNECT: port numbers must be numeric";
+
+    first = strtol(p, &endptr, 10);
+    if (*endptr == '-') {
+        p = endptr + 1;
+        last = strtol(p, &endptr, 10);
+    }
+    else {
+        last = first;
+    }
+
+    if (endptr == p || *endptr != '\0')  {
+        return apr_psprintf(parms->temp_pool,
+                            "Cannot parse '%s' as port number", p);
+    }
 
     New = apr_array_push(conf->allowed_connect_ports);
-    *New = atoi(arg);
+    New->first = first;
+    New->last  = last;
     return NULL;
 }
 
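Review bot: set_allowed_ports() stores whatever the two strtol() calls return, with no check that `first <= last` or that both values lie in 1-65535, and the `long` results are narrowed to `int` on assignment. A reversed entry such as `443-80` (constructed example) is accepted and then never matches in allowed_port(), and a second number with a leading sign or an overflowing value is stored instead of rejected. AllowCONNECT is the allowlist that bounds where the proxy will open tunnels, so a malformed entry should fail at configuration load and not silently change the effective policy. Parsing into `long` and rejecting out-of-range or reversed values before the apr_array_push() would cover this. The function's return-type line sits above the hunk, in the `@@` context.

```c
    long first, last;  /* keep strtol's full result until it has been range-checked */
    /* … unchanged: conf lookup, declarations, apr_isdigit check, strtol parsing, parse-error return … */

    if (first < 1 || last > 65535 || first > last) {
        return apr_psprintf(parms->temp_pool,
                            "AllowCONNECT: invalid port or port range '%s'",
                            arg);
    }

    New = apr_array_push(conf->allowed_connect_ports);
    New->first = (int)first;
    New->last  = (int)last;
```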
@@ -94,16 +117,16 @@ static const char *
 static int allowed_port(connect_conf *conf, int port)
 {
     int i;
-    int *list = (int *) conf->allowed_connect_ports->elts;
+    port_range *list = (port_range *) conf->allowed_connect_ports->elts;
     
-    if(apr_is_empty_array(conf->allowed_connect_ports)){
+    if (apr_is_empty_array(conf->allowed_connect_ports)){
         return port == APR_URI_HTTPS_DEFAULT_PORT
                || port == APR_URI_SNEWS_DEFAULT_PORT;
     }
 
-    for(i = 0; i < conf->allowed_connect_ports->nelts; i++) {
-    if(port == list[i])
-        return 1;
+    for (i = 0; i < conf->allowed_connect_ports->nelts; i++) {
+        if (port >= list[i].first && port <= list[i].last)
+            return 1;
     }
     return 0;
 }
@@ -496,7 +519,7 @@ static void ap_proxy_connect_register_ho
 static const command_rec cmds[] =
 {
     AP_INIT_ITERATE("AllowCONNECT", set_allowed_ports, NULL, RSRC_CONF,
-     "A list of ports which CONNECT may connect to"),
+     "A list of ports or port ranges which CONNECT may connect to"),
     {NULL}
 };
 


