From f241fef575e57572ff082358c3d09bae0a72d3bd Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Fri, 26 May 2023 15:54:09 +0200 Subject: [PATCH] For proxy::type web, automatically add proxy::mask to exceptions for blacklist, connect-flood, handshake-data-flood (Well, unless mask::ip is used with a wildcard, due to current technical limitations, that will be resolved later) --- src/conf.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/conf.c b/src/conf.c index ba8cbbc9e..5e5d83e0f 100644 --- a/src/conf.c +++ b/src/conf.c @@ -4505,6 +4505,28 @@ int _conf_proxy(ConfigFile *conf, ConfigEntry *ce) AddListItem(proxy, conf_proxy); + /* For proxy type web, we automatically add the host to except ban { } + * for blacklist, connect-flood, handshake-data-flood + */ + if (proxy->type == PROXY_WEB) + { + ConfigItem_mask *m; + NameList *n; + for (m = proxy->mask->mask; m; m = m->next) + { + tkl_add_banexception(TKL_EXCEPTION, "*", m->mask, NULL, "proxy { } block", + "-config-", 0, TStime(), 0, "bcd", TKL_FLAG_CONFIG); + } + for (n = proxy->mask->ip; n; n = n->next) + { + char ip[64]; + if (strchr(n->name, '*') || strchr(n->name, '?')) + continue; /* we are not this advanced yet ;) */ + tkl_add_banexception(TKL_EXCEPTION, "*", n->name, NULL, "proxy { } block", + "-config-", 0, TStime(), 0, "bcd", TKL_FLAG_CONFIG); + } + } + return 1; }