Re: [squid-users] Port -1 from Amos Jeffries on 2008-09-09 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 10 Sep 2008 14:59:25 +1200 (NZST)

>
> Further details as to how that can be accomplished or pointers to
> references
> would be very helpful. Have you ever had to such a patch, if so sharing
> your experinlences would be invaluable.
>

Are you seing "urlParse: Deny access to port " in your logs?
If yes, find that text in src/url.cc and change the #if to a "#if 0"

If no, the following might be useful. It's supposed to ignore the port and
use default port for the protocol being requested. It's an HTTP violation
as the request from a client known to be this badly broken is not supposed
to be forwarded to the net in general.
(this is for 3-HEAD, 2.x may need some adjustment )

=== modified file 'src/url.cc'
--- src/url.cc 2008-09-03 04:42:27 +0000
+++ src/url.cc 2008-09-10 02:51:55 +0000
@@ -322,7 +322,16 @@

         if (t && *t == ':') {
             *t = '\0'; t++;
- port = atoi(t);
+#if HTTP_VIOLATIONS
+ /* got a negative port number. ignore its presence. */
+ if(*t == '-') {
+ debugs(23, 0, "WARNING: client sent a negative port
number in '" << url << "'. Ignoring the port.");
+ *t='\0'; t++;
+ port = 0;
+ }
+ else
+#endif /* HTTP_VIOLATIONS */
+ port = atoi(t);
         }
     }

to use, patch squid and ./configure --enable-http-violations

Maybe alter the default port=0 value if you want a specific port, but be
aware that the parser is schema-neutral at this point and URL ports apply
equally to http://, https://, ftp:// , and others.

Amos

>
>
> Adrian Chadd-3 wrote:
>>
>> Then patch Squid to convert a -1 port to another port.
>>
>>
>>
>> Adrian
>>
>> 2008/9/10 rsoza <rsoza_at_site-controls.com>:
>>>
>>> Thanks, but not an option.
>>>
>>>
>>> Amos Jeffries-2 wrote:
>>>>
>>>>>
>>>>> I have a legacy piece of code that is attempting to go through the
>>>>> proxy
>>>>> using the following port -1:
>>>>>
>>>>> http://www.server.com:-1/test/
>>>>>
>>>>> Squid is setup as transparent but still blocking the -1 port.
>>>>> Any suggestions to allow this port to go through the proxy?
>>>>
>>>> Patch/crack the application to use a valid port number.
>>>>
>>>> Amos
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Port--1-tp19403924p19404624.html
>>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>>
>>>
>>
>>
>
> --
> View this message in context:
> http://www.nabble.com/Port--1-tp19403924p19404834.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
>
>
Received on Wed Sep 10 2008 - 02:59:33 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 10 2008 - 12:00:03 MDT