Back in April, I suggested adding support for "checked jumps" to fproxy.

see:
http://lists.freenetproject.org/pipermail/devl/2001-April/005036.html

I managed to survive flaming on the list but never got around to implementing 
it.

I noticed that Mr. Snarfoo raised the issue of spurious anonymity filter
warnings on his homepage today.

I finally have a simple patch for fproxy to add support for checked http and 
ftp jumps (see attached diffs).

The attached html file will give you an idea of how it works for content 
authors.  

Basically as long as your link minus the leading "http://" or "ftp://" 
doesn't trip the anonymity filter, you can embed a checked link to
it in an html page and that page shouldn't trip the filter either.

Note that this still won't allow you to embed links that trip the security 
filter for other reasons (e.g. because of embedded html control characters, 
cgi queries etc.). 

I don't think that there are any hidden anonymity attacks.  Let me know
if you see any.  Obviously, once the user clicks past the warning page
out of Freenet all bets are off.

If no one screams too loud I would be happy to commit this patch.

-- gj


-- 
Web page inside Freenet:
freenet:MSK@SSK@enI8YFo3gj8UVh-Au0HpKMftf6QQAgE/homepage//
Index: contrib/fproxy/HttpHandlerServlet.java
===================================================================
RCS file: /cvsroot/freenet/Freenet/contrib/fproxy/HttpHandlerServlet.java,v
retrieving revision 1.47
diff -r1.47 HttpHandlerServlet.java
130a131,138
> 
> 		    System.err.println("HttpHandlerServelet.run -- url: " + url);
> 
> 		    // Handle checked jumps out of freenet.
> 		    if (handleCheckedJump(url)) {
> 			return;
> 		    }
> 
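Review bot: the unconditional System.err.println of url at the top of this hunk runs before the checked-jump test, so it writes any requested URL that reaches this point to stderr, which leaves a record of what the user fetched on a proxy meant to protect anonymity. Remove it or put it behind a debug flag before committing. The message also misspells the class name as "HttpHandlerServelet". Note too that handleCheckedJump(url) can propagate the IllegalArgumentException thrown by decodeCheckedJumpURL, and nothing in these lines catches it.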
181a190,234
>     ////////////////////////////////////////////////////////////
>     // Support checked jumps out of Freenet.
>     protected final boolean handleCheckedJump(String url) throws IOException {
> 
> 	String decodedURL = decodeCheckedJumpURL(url);
> 	if (decodedURL == null) {
> 	    return false;
> 	}
> 
> 	pw.print("HTTP/1.0 200 OK\015\012");
> 	pw.print("Connection: close\015\012");
> 	pw.println("Content-type: text/html");
> 	pw.println();
> 
> 	pw.println("<html>");
> 	pw.println("<head>");
> 
> 	pw.println("<title>");
> 	pw.println("Checked jump out of Freenet!");
> 	pw.println("</title>");
> 	pw.println("</head>");
> 
> 	pw.println("<body bgcolor=\"#ffffff\">");
> 
> 	pw.println("<p>");
> 	pw.println("<font color=\"red\">");
> 	pw.println("<h1>Warning!</h1>");
> 	pw.println("</font>");
> 	pw.println("<p>");
> 	pw.println("You are about to jump out of Freenet.");
> 	pw.println("<p>");
> 	pw.println("Click on the link below to continue or hit the");
> 	pw.println("back button on your browser to abort.");
> 	pw.println("<p>");
> 	pw.println("<a href=\"");
> 	pw.println( decodedURL );
> 	pw.println("\">" + decodedURL + "</a>");
> 	pw.println("</body>");
> 	pw.println("</html>");
> 	pw.flush();
> 	out.flush();
> 	out.close();
> 
> 	return true;
>     }
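Review bot: decodedURL is written into the href attribute and again as the link text with no HTML escaping, so whatever follows the prefix in the request path becomes markup in a page that fproxy itself serves. Encode at least &, <, > and both quote characters before printing it. The three println calls around the href also place line breaks inside the attribute value; use print there so the href is exactly the URL. The Content-type header and the blank line after it use println while the first two header lines use an explicit \015\012; use the explicit CRLF for all of them.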
182a236,265
>     protected final static String MSG_BADURL =  "Couldn't decode checked jump url.";
> 
>     protected final static String ESCAPED_HTTP = "/__CHECKED_HTTP__";
>     protected final static String UNESCAPED_HTTP = "http://";;
> 
>     protected final static String ESCAPED_FTP = "/__CHECKED_FTP__";
>     protected final static String UNESCAPED_FTP = "ftp://";;
> 
>     protected final static String decodeCheckedJumpURL(String url) {
> 	String ret = null;
> 	if (url.startsWith(ESCAPED_HTTP)) {
> 	    if (url.length() < ESCAPED_HTTP.length() + 1) {
> 		throw new IllegalArgumentException(MSG_BADURL);
> 	    }
> 
> 	    ret = UNESCAPED_HTTP + url.substring(ESCAPED_HTTP.length());
> 	}
> 
> 	if (url.startsWith(ESCAPED_FTP)) {
> 	    if (url.length() < ESCAPED_FTP.length() + 1) {
> 		throw new IllegalArgumentException(MSG_BADURL);
> 	    }
> 
> 	    ret = UNESCAPED_FTP + url.substring(ESCAPED_FTP.length());
> 	}
> 
> 	return ret;
>     }
>     ////////////////////////////////////////////////////////////
> 
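Review bot: the length check in both branches of decodeCheckedJumpURL can only fail when the URL is exactly the prefix, and in that case the method throws IllegalArgumentException, which handleCheckedJump does not catch. Return null, or have the caller send an error page, for an empty target instead. The text after the prefix is appended to the scheme without any validation; consider rejecting control characters and whitespace here. The two startsWith blocks are mutually exclusive, so the second can be an else-if.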
Title: Test checked jumps

Some checked jumps out of Freenet

This page should load in fproxy without tripping the anonymity filter.
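
The checked-jump decoding described in the post, with the target HTML-escaped before it goes into the warning page, as an added example that is not part of the original post or of fproxy. The class and method names are hypothetical, the two prefixes come from the patch, and the sample paths are constructed.

```java
import java.util.Optional;
// Added example: hypothetical helper class, not fproxy code.
public class CheckedJump {
    // Prefix-to-scheme pairs taken from the patch in the post.
    static final String[][] SCHEMES = {
        { "/__CHECKED_HTTP__", "http://" }, { "/__CHECKED_FTP__", "ftp://" } };

    // Map a request path to the external URL; empty if not a checked jump.
    static Optional<String> decode(String path) {
        for (String[] s : SCHEMES) {
            if (path.startsWith(s[0]) && path.length() > s[0].length()) {
                return Optional.of(s[1] + path.substring(s[0].length()));
            }
        }
        return Optional.empty();
    }

    // Escape characters significant in HTML text and quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Anchor for the warning page: escaped, no line breaks inside href.
    static String warningLink(String target) {
        String safe = escapeHtml(target);
        return "<a href=\"" + safe + "\">" + safe + "</a>";
    }

    public static void main(String[] args) {
        String[] paths = {  // constructed sample request paths
            "/__CHECKED_HTTP__www.example.com/a?x=1&y=\"2\"",
            "/__CHECKED_FTP__ftp.example.org/pub/",
            "/__CHECKED_HTTP__", "/SSK@example/site//" };
        for (String p : paths)
            System.out.println(p + " -> "
                + decode(p).map(CheckedJump::warningLink).orElse("(no jump)"));
    }
}
```

A bare prefix with no target yields an empty result here rather than an exception, so the caller can fall through to normal request handling.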
