📄 connectionhandler.cpp
字号:
} else if (o.max_upload_size > -1) { if ((*header).isPostUpload()) { #ifdef DGDEBUG std::cout << "is post upload" << std::endl; #endif if (o.max_upload_size == 0) { (*checkme).whatIsNaughty = o.language_list.getTranslation(700); // Web upload is banned. (*checkme).whatIsNaughtyLog = (*checkme).whatIsNaughty; (*checkme).isItNaughty = true; (*ispostblock) = true; } else if ((*header).contentlength() > o.max_upload_size) { (*checkme).whatIsNaughty = o.language_list.getTranslation(701); // Web upload limit exceeded. (*checkme).whatIsNaughtyLog = (*checkme).whatIsNaughty; (*checkme).isItNaughty = true; (*ispostblock) = true; } } } }}bool ConnectionHandler::isIPHostnameStrip(String url) { url.removePTP(); // chop off the ht(f)tp(s):// if (url.contains("/")) { url = url.before("/"); // chop off any path after the domain } return (*o.fg[0]).isIPHostname(url);}int ConnectionHandler::determineGroup(std::string *user) { String u = (*user).c_str(); if (u.length() < 1 || u == "-") { return -1; } String ue = u; ue += "="; char *i = o.filter_groups_list.findStartsWithPartial(ue.toCharArray()); if (i == NULL) { #ifdef DGDEBUG std::cout << "User not in filter groups list:" << ue << std::endl; #endif return -1; } #ifdef DGDEBUG std::cout << "User found:" << i << std::endl; #endif ue = i; if (ue.before("=") == u) { ue = ue.after("=filter"); int l = ue.length(); if (l < 1 || l > 2) { return -1; } int g = ue.toInteger(); if (g > o.numfg) { return -1; } if (g > 0) { g--; } return g; } return -1;}// based on patch by Aecio F. Neto (afn@harvest.com.br) - Harvest Consultoria (http://www.harvest.com.br)bool ConnectionHandler::denyAccess (Socket *peerconn, Socket *proxysock, HTTPHeader *header, HTTPHeader *docheader, String *url, NaughtyFilter *checkme, std::string *clientuser, std::string *clientip, int filtergroup, bool ispostblock) { try { // writestring throws exception on error/timeout if (o.reporting_level == 3) { (*proxysock).close(); // finished with proxy (*peerconn).readyForOutput(10); if ((*header).requesttype().startsWith("CONNECT")) { if (o.preemptive_banning == 1) { String redirhttps = (*url).after("://"); if (!redirhttps.contains("/")) { redirhttps += "/"; } redirhttps = "http://" + redirhttps; // The idea is that redirecting it back to the http page // of itself will also get blocked but won't confuse the // browser when it gets unencrypted content try { // writestring throws exception on error/timeout String writestring = "HTTP/1.0 302 Redirect\nLocation: "; writestring += redirhttps; writestring += "\n\n"; (*peerconn).writeString(writestring.toCharArray()); } catch (exception& e) {} } else { // if preemptive banning is not in place then a redirect // is not guaranteed to ban the site so we have to write // an access denied page. Unfortunately IE does not // work with access denied pages on SSL more than a few // hundred bytes so we have to use a crap boring one // instead. Nothing can be done about it - blame // mickysoft. String writestring = "HTTP/1.0 403 "; writestring += o.language_list.getTranslation(500); // banned site writestring += "\nContent-Type: text/html\n\n<HTML><HEAD><TITLE>DansGuardian - "; writestring += o.language_list.getTranslation(500); // banned site writestring += "</TITLE></HEAD><BODY><H1>DansGuardian - "; writestring += o.language_list.getTranslation(500); // banned site writestring += "</H1>"; writestring += (*url); writestring += "</BODY></HTML>\n"; try { // writestring throws exception on error/timeout (*peerconn).writeString(writestring.toCharArray()); } catch (exception& e) {} } } else { bool replaceimage = false; if (o.use_custom_banned_image == 1) { // It would be much nicer to do a mime comparison // and see if the type is image/* but the header // never (almost) gets back from squid because // it gets denied before then. // This method is prone to over image replacement // but will work most of the time. String lurl = (*url); lurl.toLower(); if (lurl.endsWith(".gif") || lurl.endsWith(".jpg") || lurl.endsWith(".jpeg") || lurl.endsWith(".jpe") || lurl.endsWith(".png") || lurl.endsWith(".bmp") || (*docheader).iscontenttype("image/")) { replaceimage = true; } } if (replaceimage) { (*peerconn).writeString("HTTP/1.0 200 OK\n"); o.banned_image.display(peerconn); } else {//Mod by Ernest W Lessenger Mon 2nd February 2004//Other bypass code mostly written by Ernest also String hashed; if ((*o.fg[filtergroup]).bypass_mode != 0 && !ispostblock) { hashed = hashedURL(url, filtergroup, clientip); } (*peerconn).writeString("HTTP/1.0 200 OK\nPragma: no-cache\nCache-control: no-cache\nContent-type: text/html\n\n"); o.html_template.display(peerconn, (*url).toCharArray(), (*checkme).whatIsNaughty.c_str(), (*checkme).whatIsNaughtyLog.c_str(), (*clientuser).c_str(), (*clientip).c_str(), String(filtergroup + 1), hashed.toCharArray() ); } } } else if (o.reporting_level > 0) { (*proxysock).close(); // finshed with proxy (*peerconn).readyForOutput(10); if ((*checkme).whatIsNaughty.length() > 2048) { (*checkme).whatIsNaughty = String((*checkme).whatIsNaughty.c_str()).subString(0, 2048).toCharArray(); } if ((*checkme).whatIsNaughtyLog.length() > 2048) { (*checkme).whatIsNaughtyLog = String((*checkme).whatIsNaughtyLog.c_str()).subString(0, 2048).toCharArray(); } String writestring = "HTTP/1.0 302 Redirect\n"; writestring += "Location: "; writestring += o.access_denied_address.c_str(); if (o.non_standard_delimiter == 1) { writestring += "?DENIEDURL=="; writestring += miniURLEncode((*url).toCharArray()).c_str(); writestring += "::IP=="; writestring += (*clientip).c_str(); writestring += "::USER=="; writestring += (*clientuser).c_str(); if ((*o.fg[filtergroup]).bypass_mode != 0 && !ispostblock) { //String timecode(time(NULL) + 300); // String hashed = (*url).md5(std::string((*o.fg[filtergroup]).magic + timecode.toCharArray()).c_str()); //hashed += timecode; writestring += "::HASH=="; writestring += hashedURL(url, filtergroup, clientip).after("GBYPASS=").toCharArray(); } writestring += "::REASON=="; } else { writestring += "?DENIEDURL="; writestring += miniURLEncode((*url).toCharArray()).c_str(); writestring += "&IP="; writestring += (*clientip).c_str(); writestring += "&USER="; writestring += (*clientuser).c_str(); if ((*o.fg[filtergroup]).bypass_mode != 0 && !ispostblock) { //String timecode(time(NULL) + 300); //String hashed = (*url).md5(std::string((*o.fg[filtergroup]).magic + timecode.toCharArray()).c_str()); //hashed += timecode; writestring += "&HASH="; writestring += hashedURL(url, filtergroup, clientip).after("GBYPASS=").toCharArray(); } writestring += "&REASON="; } if (o.reporting_level == 1) { writestring += miniURLEncode((*checkme).whatIsNaughty).c_str(); } else { writestring += miniURLEncode((*checkme).whatIsNaughtyLog).c_str(); } writestring += "\n\n"; (*peerconn).writeString(writestring.toCharArray()); #ifdef DGDEBUG // debug stuff surprisingly enough std::cout << "******* redirecting to:" << std::endl; std::cout << writestring << std::endl; std::cout << "*******" << std::endl; #endif } else if (o.reporting_level == 0) { (*proxysock).close(); // finshed with proxy String writestring = "HTTP/1.0 200 OK\n"; writestring += "Content-type: text/html\n\n"; writestring += "<HTML><HEAD><TITLE>DansGuardian - "; writestring += o.language_list.getTranslation(1); // access denied writestring += "</TITLE></HEAD><BODY><CENTER><H1>DansGuardian - "; writestring += o.language_list.getTranslation(1); // access denied writestring += "</H1></CENTER></BODY></HTML>"; (*peerconn).readyForOutput(10); (*peerconn).writeString(writestring.toCharArray()); #ifdef DGDEBUG // debug stuff surprisingly enough std::cout << "******* displaying:" << std::endl; std::cout << writestring << std::endl; std::cout << "*******" << std::endl; #endif } else if (o.reporting_level == -1) { // stealth (*checkme).isItNaughty = false; // dont block } } catch (exception& e) {} if ((*checkme).isItNaughty) { // not stealth mode then try { (*peerconn).readyForOutput(10); //as best a flush as I can } catch (exception& e) {} try { (*proxysock).close(); // close connection to proxy } catch (exception& e) {} return true; // we said no, so return true saying exit } return false;}String ConnectionHandler::hashedURL(String *url, int filtergroup, std::string *clientip) { String timecode(time(NULL) + (*o.fg[filtergroup]).bypass_mode); String magic = (*o.fg[filtergroup]).magic.c_str(); magic += (*clientip).c_str(); magic += timecode; String res = "GBYPASS="; if (!(*url).after("://").contains("/")) { String newurl = (*url); newurl += "/"; res += newurl.md5(magic.toCharArray()); } else { res += (*url).md5(magic.toCharArray()); } res += timecode; return res;}String ConnectionHandler::hashedCookie(String *url, int filtergroup, std::string *clientip, int bypasstimestamp) { String timecode(bypasstimestamp); String magic = (*o.fg[filtergroup]).cookie_magic.c_str(); magic += (*clientip).c_str(); magic += timecode; String res = (*url).md5(magic.toCharArray()); res += timecode; #ifdef DGDEBUG std::cout << "hashedCookie=" << res << std::endl; #endif return res;}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -