bughz/tinyproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c4dc3ba007
tinyproxy/src/Makefile.am
rofl0r cd005a94ce implement detection and denial of endless connection loops 
it is quite easy to bring down a proxy server by forcing it to make
connections to one of its own ports, because this will result in an endless
loop spawning more and more connections, until all available fds are exhausted.
since there's a potentially infinite number of potential DNS/ip addresses
resolving to the proxy, it is impossible to detect an endless loop by simply
looking at the destination ip address and port.

what *is* possible though is to record the ip/port tuples assigned to outgoing
connections, and then compare them against new incoming connections. if they
match, the sender was the proxy itself and therefore needs to reject that
connection.

fixes #199.
2019-12-21 00:43:45 +00:00

60 lines
1.7 KiB
Makefile
Raw Blame History

# tinyproxy - A fast light-weight HTTP proxy
# Copyright (C) 2000 Robert James Kaes <rjkaes@users.sourceforge.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
pkgsysconfdir = $(sysconfdir)/$(PACKAGE)
bin_PROGRAMS = tinyproxy
AM_CPPFLAGS = \
-DSYSCONFDIR=\"${pkgsysconfdir}\" \
-DLOCALSTATEDIR=\"${localstatedir}\"
tinyproxy_SOURCES = \
acl.c acl.h \
anonymous.c anonymous.h \
buffer.c buffer.h \
child.c child.h \
common.h \
conf.c conf.h \
conns.c conns.h \
daemon.c daemon.h \
hashmap.c hashmap.h \
heap.c heap.h \
html-error.c html-error.h \
http-message.c http-message.h \
log.c log.h \
network.c network.h \
reqs.c reqs.h \
sock.c sock.h \
stats.c stats.h \
text.c text.h \
main.c main.h \
utils.c utils.h \
vector.c vector.h \
upstream.c upstream.h \
basicauth.c basicauth.h \
base64.c base64.h \
sblist.c sblist.h \
loop.c loop.h \
connect-ports.c connect-ports.h
EXTRA_tinyproxy_SOURCES = filter.c filter.h \
reverse-proxy.c reverse-proxy.h \
transparent-proxy.c transparent-proxy.h
tinyproxy_DEPENDENCIES = @ADDITIONAL_OBJECTS@
tinyproxy_LDADD = @ADDITIONAL_OBJECTS@ -lpthread
Reference in New Issue View Git Blame Copy Permalink