[squid-users] Referer ACL

I wanted a referer acl for my rev-proxy. If anyone else wants it, here's
a patch against 2.4s3. It should apply to 2.5 without too much pain and
suffering.

        -- Brian

diff -ur squid-2.4.STABLE3/src/acl.c squid-2.4.STABLE3.new/src/acl.c
--- squid-2.4.STABLE3/src/acl.c Tue Aug 21 01:55:47 2001
+++ squid-2.4.STABLE3.new/src/acl.c Thu Dec 20 23:39:53 2001
@@ -194,6 +194,10 @@
        return ACL_METHOD;
     if (!strcmp(s, "browser"))
        return ACL_BROWSER;
+ if (!strcmp(s, "referer"))
+ return ACL_REFERER;
+ if (!strcmp(s, "referrer"))
+ return ACL_REFERER;
     if (!strcmp(s, "proxy_auth"))
        return ACL_PROXY_AUTH;
     if (!strcmp(s, "proxy_auth_regex"))
@@ -258,6 +262,8 @@
        return "method";
     if (type == ACL_BROWSER)
        return "browser";
+ if (type == ACL_REFERER)
+ return "referer";
     if (type == ACL_PROXY_AUTH)
        return "proxy_auth";
     if (type == ACL_PROXY_AUTH_REGEX)
@@ -719,6 +725,7 @@
     case ACL_URL_REGEX:
     case ACL_URLPATH_REGEX:
     case ACL_BROWSER:
+ case ACL_REFERER:
     case ACL_SRC_DOM_REGEX:
     case ACL_DST_DOM_REGEX:
        aclParseRegexList(&A->data);
@@ -1485,6 +1492,12 @@
            return 0;
        return aclMatchRegex(ae->data, browser);
        /* NOTREACHED */
+ case ACL_REFERER:
+ header = httpHeaderGetStr(&checklist->request->header,
HDR_REFERER);
+ if (NULL == header)
+ return 0;
+ return aclMatchRegex(ae->data, header);
+ /* NOTREACHED */
     case ACL_PROXY_AUTH:
     case ACL_PROXY_AUTH_REGEX:
        if (NULL == r) {
@@ -1933,6 +1946,7 @@
        case ACL_URL_REGEX:
        case ACL_URLPATH_REGEX:
        case ACL_BROWSER:
+ case ACL_REFERER:
        case ACL_SRC_DOM_REGEX:
        case ACL_DST_DOM_REGEX:
            aclDestroyRegexList(a->data);
@@ -2257,6 +2271,7 @@
     case ACL_URL_REGEX:
     case ACL_URLPATH_REGEX:
     case ACL_BROWSER:
+ case ACL_REFERER:
     case ACL_SRC_DOM_REGEX:
     case ACL_DST_DOM_REGEX:
        return aclDumpRegexList(a->data);
diff -ur squid-2.4.STABLE3/src/cf.data.pre
squid-2.4.STABLE3.new/src/cf.data.pre--- squid-2.4.STABLE3/src/cf.data.pre
  Wed Apr 4 03:01:12 2001
+++ squid-2.4.STABLE3.new/src/cf.data.pre Thu Dec 20 23:44:28 2001
@@ -1624,7 +1624,7 @@
        when using "file", the file should contain one item per line

        acltype is one of src dst srcdomain dstdomain url_pattern
- urlpath_pattern time port proto method browser user
+ urlpath_pattern time port proto method browser referer user

        By default, regular expressions are CASE-SENSITIVE. To make
        them case-insensitive, use the -i option.
@@ -1661,6 +1661,9 @@
        acl aclname method GET POST ...
        acl aclname browser [-i] regexp
          # pattern match on User-Agent header
+ acl aclname referer [-i] regexp
+ # pattern match on Referer header
+ # Referer is highly unreliable, so use with care
        acl aclname ident username ...
        acl aclname ident_regex [-i] pattern ...
          # string match on ident output.
diff -ur squid-2.4.STABLE3/src/enums.h squid-2.4.STABLE3.new/src/enums.h
--- squid-2.4.STABLE3/src/enums.h Thu Jan 11 19:51:47 2001
+++ squid-2.4.STABLE3.new/src/enums.h Thu Dec 20 23:31:30 2001
@@ -113,6 +113,7 @@
     ACL_PROTO,
     ACL_METHOD,
     ACL_BROWSER,
+ ACL_REFERER,
     ACL_PROXY_AUTH,
     ACL_PROXY_AUTH_REGEX,
     ACL_SRC_ASN,
Received on Thu Dec 20 2001 - 23:30:45 MST