Commit Graph

112 Commits

Author SHA1 Message Date
Vladimir Dubrovin
6b61cfde4c Fix for older Windows (7 and below) / VC 2026-04-24 17:04:03 +03:00
Vladimir Dubrovin
4f0f3c81e1 add 'cacheacl' auth type, dstaddr, dstport, dsthost, dstoper, srvaddr and srvport authcache types; allow to configure authcache by service
'auth cacheacl ...' is identical to 'auth cache ...' except ACL is not checked for cached authentication. dstaddr, dstport, dsthost and dstoper (operation) are intended to be used with cacheacl. For example

authcache user,ip,password,dstaddr 600
auth cacheacl iponly strong

allows user to access destination ip without ACL/password revalidation if he has cached attempt to the same ip from the same ip with the same username and password.

srvaddr, srvport are useful to only match with cached attempts to the same `internal` address / service port.
2026-04-21 21:49:52 +03:00
Vladimir Dubrovin
083a70393f Minor hashtable refactor 2026-04-20 10:40:38 +03:00
Vladimir Dubrovin
7102afe856 authcache switched to hashtables, overflow fixed
- authcache switched to use hashtables, size parameter added
- overflow fixed on hashinit
- hashtable prefers new values on insert if table is full
- hashtable is able to compact/grow
2026-04-19 19:16:33 +03:00
Vladimir Dubrovin
a0d580b36d move hashtable/resolve/sql functions to separate files 2026-04-17 19:29:50 +03:00
Vladimir Dubrovin
afbdad0ac7 Fix for first in chain https/tcps parent 2026-04-13 21:09:46 +03:00
Vladimir Dubrovin
a1a65c3fd5 ssl_client_mode = 3 added, allow 'secure' parent types ending with 's': https, tcps, socks5s, connect+s, etc.
example:

plugin SSLPlugin.ld.so ssl_plugin

allow user1
parent 1000 http 1.1.1.1 1111
allow user2
parent 1000 https 2.2.2.2 2222
ssl_client_mode 3
ssl_client
proxy

With ssl_client_mode 3 TLS is only handshaked for https parent type and is not handshaked for http parent.
2026-04-13 20:53:38 +03:00
Vladimir Dubrovin
f77f65ac4e Fix: SOCKSv5 parent reply parsing for domain name address 2026-04-12 14:16:48 +03:00
Vladimir Dubrovin
2d6eeff5f3 Fix typos, update documentation 2026-04-12 13:58:42 +03:00
Vladimir Dubrovin
c206349ee2 Support unix sockets for internal and -i
Example configuration:

log
auto -iunix:/path/to/3proxy.sock

test with

curl --unix-socket /path/to/3proxy.sock https://3proxy.ru
2026-04-12 00:30:35 +03:00
Vladimir Dubrovin
483542b914 Use uint32_t/uint16_t instead of unsigned long / unsigned short where required 2026-04-08 21:13:18 +03:00
Vladimir Dubrovin
758c290092 Fix CONNECT_TO usage 2026-04-08 19:21:30 +03:00
Vladimir Dubrovin
00d2ecbc31 Use 64 bit arithmetics for rate limits 2026-04-08 19:21:27 +03:00
Vladimir Dubrovin
8d8ee23385 ssl_client_mode added, code cleanup
ssl_client_mode
0 (default) - handshake immediately after connect() (with first parent or with destination if there is no parent)
1 - handshake with destination server (handshake after connection via parents is established)
2 - handshake after data channel is established (e.g. after CONNECT)
2026-04-08 19:21:26 +03:00
Vladimir Dubrovin
3c51af3737 Remove legacy NTLMv1 code 2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
7e7a0d4336 Support HAProxy proxy v1 protocol
Added:
-H option - expect HAProxy proxy v1 header, e.g. `proxy -H`

parent ha type - send HAProxy proxy v1 header (must be last in redirection), e.g.

allow *
parent 1000 ha
parent 1000 proxy 1.2.3.4 3128
socks
2026-04-08 19:21:25 +03:00
Vladimir Dubrovin
013d4bc333 tlspr (SNI proxy) implemented
Options -cN - level of TLS check
default - allow non-TLS traffic
1 - require TLS, only check client HELLO packet
2 - require TLS, check both client and server HELLO
3 - require TLS, check server send certificate (not compatible with TLS 1.3)
4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
-P - default port

examples:

1.
tlspr -p1443 -P443 -c1
(port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host

2.
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks

attempts to take destination hostname from SNI in SOCKS
2024-05-20 13:01:38 +03:00
Vladimir Dubrovin
161cbbd452 fix crash on insufficient memory 2024-02-18 23:54:31 +03:00
Vladimir Dubrovin
375e3a74d0 call local socket function 2024-02-18 19:41:45 +03:00
Vladimir Dubrovin
8198db8617 adding state to socket functions 2024-02-17 17:31:25 +03:00
Vladimir Dubrovin
5f341806b7 Deadlock on traffcount fixed 2023-07-13 13:13:36 +03:00
Vladimir Dubrovin
6532163f01 Fix connlim issues 2023-04-26 15:04:00 +03:00
Vladimir Dubrovin
f53b0eb985 fix invalid length in previous commit 2021-11-25 12:21:06 +03:00
Vladimir Dubrovin
bd1dcacf73 Fix domain name reply processing on connect request for parent proxy 2021-11-24 22:53:14 +03:00
Vladimir Dubrovin
e1448b9eb1 connlim error code corrected (should return 10) 2021-11-24 18:22:04 +03:00
Vladimir Dubrovin
70b14394b0 Change minimum DNS cache time to 1 sec 2021-10-30 13:43:20 +03:00
Vladimir Dubrovin
daa2b74354 Merge branch 'master' of https://github.com/3proxy/3proxy 2021-10-21 19:57:06 +03:00
Vladimir Dubrovin
f9347c2f8b Allow all-zero IP and port for BIND and UDP ASSOC 2021-10-21 19:56:09 +03:00
z3apa3a
e1b4e50242 Copyright update 2021-07-02 11:50:33 +03:00
Vladimir Dubrovin
7335bc2fb6 Do not change error code >10 on redirection 2021-04-29 14:01:07 +03:00
z3apa3a
cc2979ee5b use uint16 instead of char 2021-04-22 11:26:18 +03:00
z3apa3a
bad85a3d51 Support IPv6 subnets in parent extip 2021-04-21 20:39:57 +03:00
z3APA3A
c30065256f Use so._closesocket instead of socket (compilation issues on non-Windows) 2021-01-20 17:55:09 +03:00
z3APA3A
cbe0c2f511 parentretries command added 2021-01-19 14:40:18 +03:00
z3APA3A
129d26475e Fixed: counters incorrectly shown in webadmin, countall/nocountall are not applied 2020-12-02 20:08:03 +03:00
z3APA3A
99a744abda Few bugfixes 2020-11-18 16:10:07 +03:00
z3APA3A
021314d6f5 Fix bandlim handling 2020-11-11 17:40:46 +03:00
z3APA3A
596dee0c5b typo corrected 2020-11-05 17:43:03 +03:00
z3APA3A
32d5dc05c3 More accurate bandlim handling 2020-11-05 16:09:13 +03:00
z3APA3A
c1c5875356 better memory allocation errors handling, countall/nocountall corrected 2020-11-03 02:05:18 +03:00
z3APA3A
d0725163d1 countall / nocountall support added 2020-10-06 14:29:08 +03:00
z3APA3A
3b5fa46e27 Change Proxy-authorization to Proxy-Authorization for compatibility with RFC ignorant upstreams 2020-07-02 18:34:37 +03:00
z3APA3A
19eef46d7e Compile error in last commit corrected 2020-06-23 11:17:32 +03:00
z3APA3A
c532958b9f Do not cache external port 2020-06-17 16:14:34 +03:00
z3APA3A
1e7e94d7ac corrected 'acl' and 'ext' cache types added with previous commit
acl - allows to bind cache entry to ACL to prevent caching
authentication for different services
ext - allows to cache external address
both options are useful with RADIUS
2020-06-17 16:09:28 +03:00
z3APA3A
859713d10f Fail if can not bind to device 2020-06-17 16:05:23 +03:00
z3APA3A
9eac5c13a8 Correct wildcard hostname compare and make it case-insensitive where possible 2020-04-11 11:34:08 +03:00
z3APA3A
9996856698 Send Basic vs basic for Basic HTTP auth to deal with reportedly broken implementation 2019-10-16 11:29:07 +03:00
z3APA3A
e7e7d2fddf "limit" support in authcache to bind sessions to ip 2019-08-21 15:20:43 +03:00
z3APA3A
eb09ae7c58 Support socket options for connback sockets and connection timeouts 2018-05-05 17:16:51 +03:00