Index: src/acl.c =================================================================== RCS file: /server/cvs-server/squid/squid/src/acl.c,v retrieving revision 1.270.2.21 diff -u -p -r1.270.2.21 acl.c --- src/acl.c 15 Jan 2004 07:43:57 -0000 1.270.2.21 +++ src/acl.c 25 Jan 2004 23:15:20 -0000 @@ -837,6 +837,12 @@ because no authentication schemes are fu memFree(A, MEM_ACL); return; } + if (strcmp(A->name, "all") == 0) { + if (A->type != ACL_SRC_IP || !aclMatchIp(&A->data, no_addr)) { + debug(28, 0) ("aclParseAclLine: Warning acl 'all' redefined: %s\n", + A->cfgline); + } + } /* append */ while (*head) head = &(*head)->next; @@ -2602,6 +2608,33 @@ aclPurgeMethodInUse(acl_access * a) return 0; } +/* + * This function checks if the access list looks like an "allow all" + * list. Returns TRUE if it does, otherwise FALSE. + */ +int +aclCheckOpen(acl_access *a) +{ + acl_list *b; + int ok = 0; + for (; a; a = a->next) { + if (!a->allow) + continue; + ok = 0; + for (b = a->acl_list; b; b = b->next) { + switch (b->acl->type) { + case ACL_SRC_IP: + if (aclMatchIp(&b->acl->data, no_addr) == 0) + ok = 1; + break; + default: + ok = 1; + break; + } + } + } + return !ok; +} #if USE_ARP_ACL /* ==== BEGIN ARP ACL SUPPORT ============================================= */ Index: src/cache_cf.c =================================================================== RCS file: /server/cvs-server/squid/squid/src/cache_cf.c,v retrieving revision 1.396.2.16 diff -u -p -r1.396.2.16 cache_cf.c --- src/cache_cf.c 6 Dec 2003 17:19:36 -0000 1.396.2.16 +++ src/cache_cf.c 25 Jan 2004 23:15:21 -0000 @@ -289,6 +289,8 @@ configDoConfigure(void) /* Sanity checks */ if (Config.cacheSwap.swapDirs == NULL) fatal("No cache_dir's specified in config file"); + if (aclCheckOpen(Config.accessList.http)) + fatal("Covardly refusing to start as an open proxy.\nPlease configure your http_access rules properly."); /* calculate Config.Swap.maxSize */ storeDirConfigure(); if (0 == Config.Swap.maxSize) Index: src/protos.h =================================================================== RCS file: /server/cvs-server/squid/squid/src/protos.h,v retrieving revision 1.420.2.21 diff -u -p -r1.420.2.21 protos.h --- src/protos.h 14 Dec 2003 12:30:37 -0000 1.420.2.21 +++ src/protos.h 25 Jan 2004 23:15:23 -0000 @@ -75,6 +75,7 @@ extern wordlist *aclDumpGeneric(const ac extern int aclPurgeMethodInUse(acl_access *); extern void aclCacheMatchFlush(dlink_list * cache); extern int aclAuthenticated(aclCheck_t * checklist); +extern int aclCheckOpen(acl_access *); /* * cache_cf.c