| commit | 057e9f9c7873a174442dea91a47eeb5a4cce76a1 | |
| author | rofl0r <retnyg@gmx.net> | |
| Wed, 1 Mar 2017 15:52:32 +0000 (1 15:52 +0000) | ||
| committer | rofl0r <retnyg@gmx.net> | |
| Wed, 1 Mar 2017 17:19:09 +0000 (1 17:19 +0000) | ||
| tree | f300e9a56718ed267a1b5465f62e7f0475c118b7 | treesnapshot (tar.gz zip) |
| parent | f7221ac31d720925d8d8aada0ffa321e6a29ec6b | commitdiff |
implement "auth-once" mode with option "-1"
this allows to use the server in "secure" user/pass auth mode, but
allowing also non-authed connections from IP addresses that previously
authed successfully.
this is needed because some applications support SOCKS5 only half-assed
without authentication (example: firefox).
so if you don't want your proxy to show up in public listings and be
abused by spammers, you can use this option to punch a hole into the
"firewall".
the first idea to achieve this was to use some kind of port-knocking
or auth scheme on a separate port, but then it appeared much more
straigthforward to just re-use the existing auth mechanism.
my rocksocks library could be used easily to create a small application
that just does one single connection over the SOCKS5 server with
username/password, and from there on all apps can use the no-auth
connection scheme (until your ip changes).
note that once white-listed ip addresses never get invalidated,
so you may want to restart the SOCKS5 server from time to time, if you
fear that other users may be able to use one of the IPs you had in the
past.
this allows to use the server in "secure" user/pass auth mode, but
allowing also non-authed connections from IP addresses that previously
authed successfully.
this is needed because some applications support SOCKS5 only half-assed
without authentication (example: firefox).
so if you don't want your proxy to show up in public listings and be
abused by spammers, you can use this option to punch a hole into the
"firewall".
the first idea to achieve this was to use some kind of port-knocking
or auth scheme on a separate port, but then it appeared much more
straigthforward to just re-use the existing auth mechanism.
my rocksocks library could be used easily to create a small application
that just does one single connection over the SOCKS5 server with
username/password, and from there on all apps can use the no-auth
connection scheme (until your ip changes).
note that once white-listed ip addresses never get invalidated,
so you may want to restart the SOCKS5 server from time to time, if you
fear that other users may be able to use one of the IPs you had in the
past.
| sockssrv.c | diffblobblamehistory |