#126 Add hostname to unsuccessful limit-connect{}

closed-accepted
Fabian Keil
None
5
2011-05-03
2011-05-02
saperski
No

I am using "advanced" default match-all rule, which prohibits all SSL sites.
I am adding manually -limit-connect{443} for sites I want to access. If the website
is not on the list, the message give in this:

801808000 Info: Request from ::1 marked for blocking. limit-connect{,} doesn't allow CONNECT requests to port 443.

I'd like to know what's the hostname accessed, though, so I can add it to the whitelist.

The patch below changes the log message to:

801809c00 Info: Request from ::1 marked for blocking. limit-connect{,} doesn't allow CONNECT requests to static.sourceforge.net:443

Index: jcc.c

RCS file: /cvsroot/ijbswa/current/jcc.c,v
retrieving revision 1.350
diff -u -r1.350 jcc.c
--- jcc.c 26 Apr 2011 16:55:08 -0000 1.350
+++ jcc.c 2 May 2011 13:52:22 -0000
@@ -1599,8 +1599,8 @@
csp->action->string[ACTION_STRING_LIMIT_CONNECT];
assert(NULL != acceptable_connect_ports);
log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
- "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
- csp->ip_addr_str, acceptable_connect_ports, csp->http->port);
+ "limit-connect{%s} doesn't allow CONNECT requests to %s",
+ csp->ip_addr_str, acceptable_connect_ports, csp->http->hostport);
csp->action->flags |= ACTION_BLOCK;
http->ssl = 0;
}

Discussion

  • saperski
    saperski
    2011-05-02

    patch against /cvsroot/ijbswa/current/jcc.c, rev. 1.350

     
    Attachments
  • Fabian Keil
    Fabian Keil
    2011-05-03

    Thanks for the patch. Committed.

     
  • Fabian Keil
    Fabian Keil
    2011-05-03

    • assigned_to: nobody --> fabiankeil
    • status: open --> closed-accepted