Bug in passthrough code

From: Arjan de Vet <Arjan.deVet@dont-contact.us>
Date: Fri, 31 Jan 1997 17:45:18 +0100 (MET)

The passthrough code does not take into account firewall_ip_list
correctly. When POSTing to an internal host (which is on the
firewall_ip_list) it tries the passthrough_proxy and mine is a
firewall which does not allow connections back into the internal
network, so it fails.

This patch for 1.1.5 seems to fix it:

--- pass.c.orig Fri Jan 31 16:45:41 1997
+++ pass.c Fri Jan 31 17:38:23 1997
@@ -594,9 +594,19 @@
     edge *g = NULL;
     int fw_ip_match = IP_ALLOW;
     if (ia && Config.firewall_ip_list)
+ /* this returns IP_DENY when the address is in the firewall_ip_list */
         fw_ip_match = ip_access_check(ia->in_addrs[ia->cur], Config.firewall_ip_list);
     if ((e = Config.passProxy)) {
+ if (fw_ip_match == IP_ALLOW) {
+ /* not in firewall_ip_list, use passthrough proxy */
         hierarchyNote(request, HIER_PASS_PARENT, 0, e->host);
+ debug(39, 3, "hierarchyNote: pass_parent %s\n", e->host);
+ } else {
+ /* in firewall_ip_list, direct */
+ hierarchyNote(request, HIER_DIRECT, 0, request->host);
+ debug(39, 3, "hierarchyNote: direct %s\n", request->host);
+ e = NULL; /* XXX, this is fake */
+ }
     } else if (matchInsideFirewall(request->host)) {
         hierarchyNote(request, HIER_DIRECT, 0, request->host);
     } else if (fw_ip_match == IP_DENY) {
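Review bot: In the `if ((e = Config.passProxy))` branch, the direct case only works by resetting the pointer afterwards with `e = NULL; /* XXX, this is fake */`, and the only test made there is fw_ip_match. `matchInsideFirewall(request->host)` sits in the following `else if`, so it is never evaluated when a passthrough proxy is configured, and fw_ip_match keeps its initial IP_ALLOW when `ia` is NULL. In both cases a request for an internal host would still be handed to the passthrough proxy. Consider deciding before `e` is assigned, for example `if (fw_ip_match == IP_ALLOW && !matchInsideFirewall(request->host) && (e = Config.passProxy))`, so that internal destinations fall through to the existing direct branches and the fake reset is not needed. This is worth checking against how `e` is used after this block, which is not visible in the hunk. A smaller point: the new comment is placed between the unbraced `if (ia && Config.firewall_ip_list)` and its single statement. Moving it above the `if`, or adding braces, would keep a later edit from detaching the assignment from its condition.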

Arjan

-- 
Ir. Arjan de Vet     Intranet-URL: http://www.cis.philips.com/home/Arjan.deVet/
E-mail: Arjan.deVet@nl.cis.philips.com         Tel/Fax: (+31 40 27) 86335/83962
Origin IT Systems Management/Nederland BV, TS-InS - Intranet Services
Building VN 5.07, P.O. Box 218, 5600 MD  Eindhoven, The Netherlands
Received on Fri Jan 31 1997 - 08:57:44 MST
