bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2025-04-20 11:12:10 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
789 Commits 5 Branches 30 Tags 2.7 MiB
0acd2e55e1
Commit Graph

96 Commits

Author SHA1 Message Date
Vladimir Dubrovin
013d4bc333 tlspr (SNI proxy) implemented 
Options -cN - level of TLS check
default - allow non-TLS traffic
1 - require TLS, only check client HELLO packet
2 - require TLS, check both client and server HELLO
3 - require TLS, check server send certificate (not compatible with TLS 1.3)
4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
-P - default port

examples:

1.
tlspr -p1443 -P443 -c1
(port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host

2.
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks

attempts to take destination hostname from SNI in SOCKS
 2024-05-20 13:01:38 +03:00
Vladimir Dubrovin
161cbbd452 fix crash on insufficient memory 2024-02-18 23:54:31 +03:00
Vladimir Dubrovin
375e3a74d0 call local socket function 2024-02-18 19:41:45 +03:00
Vladimir Dubrovin
8198db8617 adding state to socket functions 2024-02-17 17:31:25 +03:00
Vladimir Dubrovin
5f341806b7 Deadloc on traffcount fixed 2023-07-13 13:13:36 +03:00
Vladimir Dubrovin
6532163f01 Fix connlim issues 2023-04-26 15:04:00 +03:00
Vladimir Dubrovin
f53b0eb985 fix invalid length in previous commit 2021-11-25 12:21:06 +03:00
Vladimir Dubrovin
bd1dcacf73 Fix domain name reply processing on connect request for parent proxy 2021-11-24 22:53:14 +03:00
Vladimir Dubrovin
e1448b9eb1 connlim error code corrected (should return 10) 2021-11-24 18:22:04 +03:00
Vladimir Dubrovin
70b14394b0 Change minumum DNS cache time to 1 sec 2021-10-30 13:43:20 +03:00
Vladimir Dubrovin
daa2b74354 Merge branch 'master' of https://github.com/3proxy/3proxy 2021-10-21 19:57:06 +03:00
Vladimir Dubrovin
f9347c2f8b Allow all-zero IP and port for BIND and UDP ASSOC 2021-10-21 19:56:09 +03:00
z3apa3a
e1b4e50242 Copyright update 2021-07-02 11:50:33 +03:00
Vladimir Dubrovin
7335bc2fb6 Do not change error code >10 on redirection 2021-04-29 14:01:07 +03:00
z3apa3a
cc2979ee5b use uint16 instead of char 2021-04-22 11:26:18 +03:00
z3apa3a
bad85a3d51 Support IPv6 subnets in parent extip 2021-04-21 20:39:57 +03:00
z3APA3A
c30065256f Use so._closesocket instead of socket (compilation issues on non-Windows) 2021-01-20 17:55:09 +03:00
z3APA3A
cbe0c2f511 parentretries command added 2021-01-19 14:40:18 +03:00
z3APA3A
129d26475e Fixed: counters incorectly shown in webadmin, contall/nocountall are not applied 2020-12-02 20:08:03 +03:00
z3APA3A
99a744abda Few bugfixes 2020-11-18 16:10:07 +03:00
z3APA3A
021314d6f5 Fix bandlim handling 2020-11-11 17:40:46 +03:00
z3APA3A
596dee0c5b typo corrected 2020-11-05 17:43:03 +03:00
z3APA3A
32d5dc05c3 More accurate bandlim hangling 2020-11-05 16:09:13 +03:00
z3APA3A
c1c5875356 better memory allocation errors handling, countall/nocountall corrected 2020-11-03 02:05:18 +03:00
z3APA3A
d0725163d1 countall / nocountall ssupport added 2020-10-06 14:29:08 +03:00
z3APA3A
3b5fa46e27 Change Proxy-authorization to Proxy-Authorization for compatiblity with RFC ignorant upstreams 2020-07-02 18:34:37 +03:00
z3APA3A
19eef46d7e Compile error in last commit corrected 2020-06-23 11:17:32 +03:00
z3APA3A
c532958b9f Do not cache external port 2020-06-17 16:14:34 +03:00
z3APA3A
1e7e94d7ac corrected 'acl' and 'ext' cach types added with previous commit 
acl - allows to bind cache entry to ACL to prevent caching
authentication for different services
ext - allows to cache external address
both options are useful with RADIUS
 2020-06-17 16:09:28 +03:00
z3APA3A
859713d10f Fail if can not bind to device 2020-06-17 16:05:23 +03:00
z3APA3A
9eac5c13a8 Correct wildcard hostname compare and make it case-insensitve where possible 2020-04-11 11:34:08 +03:00
z3APA3A
9996856698 Send Basic vs basic for Basic HTTP auth to deal with reportedly broken implementation 2019-10-16 11:29:07 +03:00
z3APA3A
e7e7d2fddf "limit" support in authcache to bind sessions to ip 2019-08-21 15:20:43 +03:00
z3APA3A
eb09ae7c58 Support socket options for connback sockets and connection timeouts 2018-05-05 17:16:51 +03:00
z3APA3A
951304e18e Send Connection instead of Proxy-Connection to parent proxy 2018-04-27 22:17:37 +03:00
z3APA3A
24127196ce Remove ICQPR because OSCAR is outdated 2018-04-22 21:46:00 +03:00
z3APA3A
b76b3b49fa rename static buffer 2018-04-21 01:45:09 +03:00
z3APA3A
be5aa53106 Allow transparent client proxy with 'parent 1000 extip 0.0.0.0' 2018-04-15 00:28:59 +03:00
z3APA3A
ff91a6fe72 connlim / noconnlim commands added to support connection / connectio rate limits 2018-01-12 19:09:42 +03:00
z3APA3A
ff9c94f616 Fix: invalid reverse check for dnsresolve 2017-09-08 15:53:42 +03:00
z3APA3A
2983575952 banlimits for old connection may stop functioning on configuration reload 2017-06-25 18:37:19 +03:00
z3APA3A
4251322aad Support hostnames for chained socks5+/socks4+/connect+ requests 2017-03-07 01:19:04 +03:00
z3APA3A
d40e5d458c FIX: tcppm may not work with parent proxy 2017-02-02 00:36:59 +03:00
z3APA3A
c1beee44ef Add support for -os, -oc, -ol 
-ocOPTIONS, -osOPTIONS, -olOPTIONS - options for client (oc), server
(os) or listening (ol) socket
e.g.
proxy -ocTCP_NODELAY,SO_KEEPALIVE,SO_DONTROUTE
 2016-12-25 02:46:30 +03:00
z3APA3A
2ed83b0d6e set TCP_NODELAY for DNS resolution over TCP 2016-12-25 01:28:16 +03:00
z3APA3A
e2884b182a Add timeout for connect in all modules 2016-12-23 00:56:16 +03:00
z3APA3A
e7433d633c 'radius' and 'auth radius' support added (not tested yet) 
Example:
radius secret 192.168.0.1 192.168.0.2
authcache ip,user
auth cache radius
 2016-12-20 19:50:50 +03:00
z3APA3A
f709255d62 Copyrights cleaned, authradius.c added 2016-12-20 15:47:02 +03:00
z3APA3A
a9fb0ea969 Correct previous resolver patch 2016-12-12 12:38:33 +03:00
z3APA3A
afbc27eac4 Correct resolver to handle non-compressed answers 2016-12-11 03:25:18 +03:00