I am using the "advanced" default match-all rule, which prohibits all SSL sites.
I am manually adding -limit-connect{443} for sites I want to access. If the website
is not on the list, the message given is this:
801808000 Info: Request from ::1 marked for blocking. limit-connect{,} doesn't allow CONNECT requests to port 443.
I'd like to know what's the hostname accessed, though, so I can add it to the whitelist.
The patch below changes the log message to:
801809c00 Info: Request from ::1 marked for blocking. limit-connect{,} doesn't allow CONNECT requests to static.sourceforge.net:443
RCS file: /cvsroot/ijbswa/current/jcc.c,v
retrieving revision 1.350
diff -u -r1.350 jcc.c
--- jcc.c 26 Apr 2011 16:55:08 -0000 1.350
+++ jcc.c 2 May 2011 13:52:22 -0000
@@ -1599,8 +1599,8 @@
csp->action->string[ACTION_STRING_LIMIT_CONNECT];
assert(NULL != acceptable_connect_ports);
log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
- "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
- csp->ip_addr_str, acceptable_connect_ports, csp->http->port);
+ "limit-connect{%s} doesn't allow CONNECT requests to %s",
+ csp->ip_addr_str, acceptable_connect_ports, csp->http->hostport);
csp->action->flags |= ACTION_BLOCK;
http->ssl = 0;
}
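Review bot: The new `%s` argument `csp->http->hostport` is taken from the client's CONNECT request and is passed to log_error() without any check in this hunk, while `acceptable_connect_ports` on the line above gets an assert. Please confirm that hostport can never be NULL on this path (or add a matching assert), and that log_error() escapes control characters, so that a crafted request target cannot break up or forge log lines. Minor style point: the new format string drops the trailing full stop that the old message had, so the second sentence of the log line no longer ends the same way as the first.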
patch against /cvsroot/ijbswa/current/jcc.c, rev. 1.350
Thanks for the patch. Committed.