fix reversepath directive using https url giving misleading error

it's not possible to use a https url in a ReversePath directive, without removing the security provided by https, and would require adding a dependency on a TLS library like openssl and a lot of code complexity to fetch the requested resource via https and relay it back to the client. in case the reversepath directive kicked in, but the protocol wasn't recognized, and support for transparent proxying built-in, the code wrongfully tried to turn the request into a trans request, leading to a bogus rewritten url like http://localhost:8888https://www.endpoint.com and an error message that we're trying to connect to the machine the proxy runs on. now instead use the generic code that signals an invalid protocol/url was used. closes #419
2022-08-20 14:43:24 +00:00 · 2022-08-20 14:43:24 +00:00 · 84f203fb1c
commit 84f203fb1c
parent 121be4a74e
1 changed files with 12 additions and 7 deletions
--- a/src/reqs.c
+++ b/src/reqs.c
@ -322,9 +322,11 @@ static struct request_s *process_request (struct conn_s *connptr,
 {
        char *url;
        struct request_s *request;
-        int ret;
+        int ret, skip_trans;
        size_t request_len;

+        skip_trans = 0;
+
        /* NULL out all the fields so frees don't cause segfaults. */
        request =
            (struct request_s *) safecalloc (1, sizeof (struct request_s));
@ -397,6 +399,7 @@ BAD_REQUEST_ERROR:
                        }
                        safefree (url);
                        url = reverse_url;
+                        skip_trans = 1;
                } else if (config->reverseonly) {
                        log_message (LOG_ERR,
                                     "Bad request, no mapping for '%s' found",
@ -446,11 +449,13 @@ BAD_REQUEST_ERROR:
                connptr->connect_method = TRUE;
        } else {
 #ifdef TRANSPARENT_PROXY
+                if (!skip_trans) {
                        if (!do_transparent_proxy
-                    (connptr, hashofheaders, request, config, &url)) {
+                            (connptr, hashofheaders, request, config, &url))
                                goto fail;
-                }
-#else
+                } else
+#endif
+                {
                indicate_http_error (connptr, 501, "Not Implemented",
                                     "detail",
                                     "Unknown method or unsupported protocol.",
@ -458,7 +463,7 @@ BAD_REQUEST_ERROR:
                log_message (LOG_INFO, "Unknown method (%s) or protocol (%s)",
                             request->method, url);
                goto fail;
-#endif
+                }
        }

 #ifdef FILTER_ENABLE