TLSAuthCache = make(map[string]*tls.Certificate)
TLSAuthCacheM sync.RWMutex
+
+ Spies = make([]string, 0)
+ SpiesM sync.RWMutex
)
If you want to use TLS client certificates, then place them to
@file{-ccerts} directory.
+@item
+Load spying domains to reject to with:
+
+@example
+$ cat spies.txt > fifos/add-spies
+@end example
+
@item Watch logs:
@example
for f in cert dane err http-auth non-ok ok redir req tls tls-auth various ; do
[ -p log-$f ] || mkfifo log-$f
done
-for f in accepted http-auth rejected tls-auth ; do
+for f in accepted http-auth rejected spies tls-auth ; do
[ -p list-$f ] || mkfifo list-$f
[ -p del-$f ] || mkfifo del-$f
done
+[ -p add-spies ] || mkfifo add-spies
--- /dev/null
+/*
+tofuproxy -- HTTP proxy with TLS certificates management
+Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 3 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fifos
+
+import (
+ "bufio"
+ "log"
+ "os"
+
+ "go.stargrave.org/tofuproxy/caches"
+)
+
+func listSpies(p string) {
+ for {
+ fd, err := os.OpenFile(p, os.O_WRONLY|os.O_APPEND, os.FileMode(0666))
+ if err != nil {
+ log.Fatalln(err)
+ }
+ caches.SpiesM.RLock()
+ for _, spy := range caches.Spies {
+ if _, err = fd.WriteString(spy + "\n"); err != nil {
+ break
+ }
+ }
+ caches.SpiesM.RUnlock()
+ fd.Close()
+ }
+}
+
+func addSpy(p string) {
+ for {
+ fd, err := os.OpenFile(p, os.O_RDONLY, os.FileMode(0666))
+ if err != nil {
+ log.Fatalln(err)
+ }
+ hosts := make(map[string]struct{})
+ scanner := bufio.NewScanner(fd)
+ for scanner.Scan() {
+ t := scanner.Text()
+ if len(t) > 0 {
+ hosts[t] = struct{}{}
+ }
+ }
+ fd.Close()
+ for host := range hosts {
+ log.Printf("%s: adding host %s\n", p, host)
+ }
+ caches.SpiesM.Lock()
+ for _, spy := range caches.Spies {
+ hosts[spy] = struct{}{}
+ }
+ caches.Spies = caches.Spies[:0]
+ for host := range hosts {
+ caches.Spies = append(caches.Spies, host)
+ }
+ caches.SpiesM.Unlock()
+ }
+}
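Review bot: listSpies holds `caches.SpiesM.RLock()` for the whole time it writes to the FIFO, so a reader that opens `list-spies` and stops reading keeps the read lock held once the pipe buffer fills. As soon as addSpy or the del handler then waits in `Lock()`, new `RLock()` calls queue behind that writer, which would stall IsSpy (changed in this same commit) for every lookup. Snapshot under the lock with `spies := append([]string(nil), caches.Spies...)`, call `RUnlock()`, and write from `spies`. In addSpy, `scanner.Err()` is never checked, so a read error or a line over bufio.Scanner's default token limit ends the load silently with a partial list; log it after the scan loop.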
go listAccepted(filepath.Join(fifos, "list-accepted"))
go listHTTPAuth(filepath.Join(fifos, "list-http-auth"))
go listRejected(filepath.Join(fifos, "list-rejected"))
+ go listSpies(filepath.Join(fifos, "list-spies"))
go listTLSAuth(filepath.Join(fifos, "list-tls-auth"))
go del(
&caches.TLSAuthCacheM, func(host string) { delete(caches.TLSAuthCache, host) },
filepath.Join(fifos, "del-tls-auth"),
)
+
+ go addSpy(filepath.Join(fifos, "add-spies"))
+ go del(
+ &caches.SpiesM, func(host string) {
+ for i, spy := range caches.Spies {
+ if spy == host {
+ caches.Spies[i] = caches.Spies[len(caches.Spies)-1]
+ caches.Spies = caches.Spies[:len(caches.Spies)-1]
+ return
+ }
+ }
+ },
+ filepath.Join(fifos, "del-spies"),
+ )
}
"net/http"
"strings"
+ "go.stargrave.org/tofuproxy/caches"
"go.stargrave.org/tofuproxy/fifos"
)
-var spyDomains = []string{
- "google-analytics.com",
- "goo.gl",
- "ads.google.com",
- "googletagmanager.com",
- "facebook.com",
- "facebook.net",
- "fbcdn.com",
- "fbcdn.net",
- "advertising.yandex.ru",
- "an.yandex.ru",
- "awaps.yandex.ru",
- "bs.yandex.ru",
- "informer.yandex.ru",
- "mc.yandex.ru",
- "metrika.yandex.ru",
- "doubleclick.net",
- "tns-counter.ru",
-}
-
func IsSpy(host string) bool {
- for _, spy := range spyDomains {
+ caches.SpiesM.RLock()
+ defer caches.SpiesM.RUnlock()
+ for _, spy := range caches.Spies {
if strings.HasSuffix(host, spy) {
return true
}
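Review bot: Entries now arrive at runtime through `add-spies`, but addSpy stores each line exactly as read and the unchanged `strings.HasSuffix(host, spy)` test compares bytes with no label boundary. An entry with trailing spaces or different letter case would never match (unless callers already normalise `host`, which is not visible here), while `goo.gl` also matches an unrelated constructed name such as `examplegoo.gl`. Trim and lowercase lines on load, and match with `host == spy || strings.HasSuffix(host, "."+spy)`. Whether `host` can carry a port or a trailing dot at this point cannot be told from the hunk; IsSpy's body continues past it.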
--- /dev/null
+google-analytics.com
+goo.gl
+ads.google.com
+googletagmanager.com
+facebook.com
+facebook.net
+fbcdn.com
+fbcdn.net
+advertising.yandex.ru
+an.yandex.ru
+awaps.yandex.ru
+bs.yandex.ru
+informer.yandex.ru
+mc.yandex.ru
+metrika.yandex.ru
+doubleclick.net
+tns-counter.ru
+counter.rambler.ru