*** proxy_http.c	Tue Apr 11 16:13:07 2006
--- proxy_http.c.johnc	Tue Apr 11 16:13:36 2006
***************
*** 135,140 ****
--- 135,145 ----
      struct nocache_entry *ncent = (struct nocache_entry *) conf->nocaches->elts;
      int nocache = 0;
  
+     /* johnc@grok.org.uk */
+     struct allowedrefs_entry *arefs = (struct allowedrefs_entry *) conf->allowedrefs->elts;
+     struct alloweduas_entry *auas = (struct alloweduas_entry *) conf->alloweduas->elts;
+     struct allowedaccepts_entry *aaccs = (struct allowedaccepts_entry *) conf->allowedaccepts->elts;
+ 
      if (conf->cache.root == NULL)
          nocache = 1;
  
***************
*** 373,378 ****
--- 378,452 ----
           */
              || !strcasecmp(reqhdrs_elts[i].key, "Proxy-Authorization"))
              continue;
+ 
+ 	/*
+ 	 * johnc@grok.org.uk
+          * remove Referer unless in list of allowed destinations
+          * remove UserAgent unless in list of allowed destinations
+          */
+ 
+ 	if (!strcasecmp(reqhdrs_elts[i].key, "Referer")) {
+ 
+ 	    int nref = 0;
+ 	    int needsRef = 0;
+ 
+   	    /* check for RefererAllow directive on this host */
+     	    for (nref = 0; nref < conf->allowedrefs->nelts; nref++) {
+ 	        if (destaddr.s_addr == arefs[nref].addr.s_addr ||
+                     (arefs[nref].name != NULL &&
+                     (arefs[nref].name[0] == '*' || 
+ 		    strstr(desthost, arefs[nref].name) != NULL))) {
+ 		
+ 		    needsRef = 1;
+ 		    break;
+ 		}
+ 	    }
+ 
+ 	    /* remove the header if necessary */
+ 	    if (!needsRef) continue;
+ 
+ 	} else if (!strcasecmp(reqhdrs_elts[i].key, "User-Agent")) {
+ 
+             int nua = 0;
+             int needsUA = 0;
+ 
+             /* check for UserAgentAllow directive on this host */
+             for (nua = 0; nua < conf->alloweduas->nelts; nua++) {
+                 if (destaddr.s_addr == auas[nua].addr.s_addr ||
+                     (auas[nua].name != NULL &&
+                     (auas[nua].name[0] == '*' ||
+                     strstr(desthost, auas[nua].name) != NULL))) {
+ 
+                     needsUA = 1;
+                     break;
+                 }
+             }
+ 
+             /* remove the header if necessary */
+             if (!needsUA) continue;
+ 
+ 	} else if (!strncasecmp(reqhdrs_elts[i].key, "Accept", 6)) {
+ 
+             int nac = 0;
+             int needsAcc = 0;
+ 
+             /* check for AcceptAllow directive on this host */
+             for (nac = 0; nac < conf->allowedaccepts->nelts; nac++) {
+                 if (destaddr.s_addr == aaccs[nac].addr.s_addr ||
+                     (aaccs[nac].name != NULL &&
+                     (aaccs[nac].name[0] == '*' ||
+                     strstr(desthost, aaccs[nac].name) != NULL))) {
+ 
+                     needsAcc = 1;
+                     break;
+                 }
+             }
+ 
+             /* remove the header if necessary */
+             if (!needsAcc) continue;
+ 
+ 	}	
+ 		
          ap_bvputs(f, reqhdrs_elts[i].key, ": ", reqhdrs_elts[i].val, CRLF, NULL);
      }