apache · randall · Jun 22, 2020 · Jun 18, 2020
diff --git a/example/plugins/c-api/Makefile.am b/example/plugins/c-api/Makefile.am
@@ -26,8 +26,8 @@ example_Plugins = \
 	add_header.la \
 	append_transform.la \
 	basic_auth.la \
-	blacklist_0.la \
-	blacklist_1.la \
+	blocklist_0.la \
+	blocklist_1.la \
 	bnull_transform.la \
 	cert_update.la \
 	request_buffer.la \
@@ -54,7 +54,7 @@ example_Plugins = \
 	server_transform.la \
 	session_hooks.la \
 	ssl_preaccept.la \
-	ssl_sni_whitelist.la \
+	ssl_sni_allowlist.la \
 	ssl_sni.la \
 	statistic.la \
 	thread_1.la \
@@ -71,8 +71,8 @@ endif
 add_header_la_SOURCES = add_header/add_header.c
 append_transform_la_SOURCES = append_transform/append_transform.c
 basic_auth_la_SOURCES = basic_auth/basic_auth.c
-blacklist_0_la_SOURCES = blacklist_0/blacklist_0.c
-blacklist_1_la_SOURCES = blacklist_1/blacklist_1.c
+blocklist_0_la_SOURCES = blocklist_0/blocklist_0.c
+blocklist_1_la_SOURCES = blocklist_1/blocklist_1.c
 bnull_transform_la_SOURCES = bnull_transform/bnull_transform.c
 cert_update_la_SOURCES = cert_update/cert_update.cc
 request_buffer_la_SOURCES = request_buffer/request_buffer.c
@@ -98,7 +98,7 @@ server_push_la_SOURCES = server_push/server_push.c
 server_transform_la_SOURCES = server_transform/server_transform.c
 ssl_preaccept_la_SOURCES = ssl_preaccept/ssl_preaccept.cc
 ssl_sni_la_SOURCES = ssl_sni/ssl_sni.cc
-ssl_sni_whitelist_la_SOURCES = ssl_sni_whitelist/ssl_sni_whitelist.cc
+ssl_sni_allowlist_la_SOURCES = ssl_sni_allowlist/ssl_sni_allowlist.cc
 disable_http2_la_SOURCES = disable_http2/disable_http2.cc
 verify_cert_la_SOURCES = verify_cert/verify_cert.cc
 statistic_la_SOURCES = statistic/statistic.cc

diff --git a/example/plugins/c-api/blacklist_1/readme.txt b/example/plugins/c-api/blacklist_1/readme.txt
diff --git a/...e/plugins/c-api/blacklist_0/blacklist_0.c → ...e/plugins/c-api/blocklist_0/blocklist_0.c b/...e/plugins/c-api/blacklist_0/blacklist_0.c → ...e/plugins/c-api/blocklist_0/blocklist_0.c
@@ -22,8 +22,8 @@
  */
 
 /*
- *   blacklist_0.c:
- *	original version of blacklist-1, now used for internal testing
+ *   blocklist_0.c:
+ *	original version of blocklist-1, now used for internal testing
  *
  *
  *	Usage:
@@ -34,7 +34,7 @@
 #include <string.h>
 #include <ts/ts.h>
 
-#define PLUGIN_NAME "blacklist_0"
+#define PLUGIN_NAME "blocklist_0"
 
 static char **sites;
 static int nsites;
@@ -69,7 +69,7 @@ handle_dns(TSHttpTxn txnp, TSCont contp)
   }
   for (i = 0; i < nsites; i++) {
     if (strncmp(host, sites[i], host_length) == 0) {
-      printf("blacklisting site: %s\n", sites[i]);
+      printf("blocklisting site: %s\n", sites[i]);
       TSHttpTxnHookAdd(txnp, TS_HTTP_SEND_RESPONSE_HDR_HOOK, contp);
       TSHandleMLocRelease(bufp, hdr_loc, url_loc);
       TSHandleMLocRelease(bufp, TS_NULL_MLOC, url_loc);
@@ -130,7 +130,7 @@ handle_response(TSHttpTxn txnp)
 }
 
 static int
-blacklist_plugin(TSCont contp, TSEvent event, void *edata)
+blocklist_plugin(TSCont contp, TSEvent event, void *edata)
 {
   TSHttpTxn txnp = (TSHttpTxn)edata;
 
@@ -168,6 +168,6 @@ TSPluginInit(int argc, const char *argv[])
       sites[i] = TSstrdup(argv[i + 1]);
     }
 
-    TSHttpHookAdd(TS_HTTP_OS_DNS_HOOK, TSContCreate(blacklist_plugin, NULL));
+    TSHttpHookAdd(TS_HTTP_OS_DNS_HOOK, TSContCreate(blocklist_plugin, NULL));
   }
 }
diff --git a/...e/plugins/c-api/blacklist_1/blacklist.txt → ...e/plugins/c-api/blocklist_1/blocklist.txt b/...e/plugins/c-api/blacklist_1/blacklist.txt → ...e/plugins/c-api/blocklist_1/blocklist.txt
diff --git a/...e/plugins/c-api/blacklist_1/blacklist_1.c → ...e/plugins/c-api/blocklist_1/blocklist_1.c b/...e/plugins/c-api/blacklist_1/blacklist_1.c → ...e/plugins/c-api/blocklist_1/blocklist_1.c
@@ -1,6 +1,6 @@
 /** @file
 
-  An example plugin that denies client access to blacklisted sites (blacklist.txt).
+  An example plugin that denies client access to blocklisted sites (blocklist.txt).
 
   @section license License
 
@@ -27,7 +27,7 @@
 #include "ts/ts.h"
 #include "tscore/ink_defs.h"
 
-#define PLUGIN_NAME "blacklist_1"
+#define PLUGIN_NAME "blocklist_1"
 
 #define MAX_NSITES 500
 #define RETRY_TIME 10
@@ -44,7 +44,7 @@ typedef struct contp_data {
   enum calling_func {
     HANDLE_DNS,
     HANDLE_RESPONSE,
-    READ_BLACKLIST,
+    READ_BLOCKLIST,
   } cf;
 
   TSHttpTxn txnp;
@@ -95,7 +95,7 @@ handle_dns(TSHttpTxn txnp, TSCont contp)
   }
 
   /* We need to lock the sites_mutex as that is the mutex that is
-     protecting the global list of all blacklisted sites. */
+     protecting the global list of all blocklisted sites. */
   if (TSMutexLockTry(sites_mutex) != TS_SUCCESS) {
     TSDebug(PLUGIN_NAME, "Unable to get lock. Will retry after some time");
     TSHandleMLocRelease(bufp, hdr_loc, url_loc);
@@ -107,9 +107,9 @@ handle_dns(TSHttpTxn txnp, TSCont contp)
   for (i = 0; i < nsites; i++) {
     if (strncmp(host, sites[i], host_length) == 0) {
       if (log) {
-        TSTextLogObjectWrite(log, "blacklisting site: %s", sites[i]);
+        TSTextLogObjectWrite(log, "blocklisting site: %s", sites[i]);
       } else {
-        TSDebug(PLUGIN_NAME, "blacklisting site: %s", sites[i]);
+        TSDebug(PLUGIN_NAME, "blocklisting site: %s", sites[i]);
       }
       TSHttpTxnHookAdd(txnp, TS_HTTP_SEND_RESPONSE_HDR_HOOK, contp);
       TSHandleMLocRelease(bufp, hdr_loc, url_loc);
@@ -174,13 +174,13 @@ handle_response(TSHttpTxn txnp, TSCont contp ATS_UNUSED)
 }
 
 static void
-read_blacklist(TSCont contp)
+read_blocklist(TSCont contp)
 {
-  char blacklist_file[1024];
+  char blocklist_file[1024];
   TSFile file;
 
-  sprintf(blacklist_file, "%s/blacklist.txt", TSPluginDirGet());
-  file   = TSfopen(blacklist_file, "r");
+  sprintf(blocklist_file, "%s/blocklist.txt", TSPluginDirGet());
+  file   = TSfopen(blocklist_file, "r");
   nsites = 0;
 
   /* If the Mutex lock is not successful try again in RETRY_TIME */
@@ -215,15 +215,15 @@ read_blacklist(TSCont contp)
 
     TSfclose(file);
   } else {
-    TSError("[%s] Unable to open %s", PLUGIN_NAME, blacklist_file);
+    TSError("[%s] Unable to open %s", PLUGIN_NAME, blocklist_file);
     TSError("[%s] All sites will be allowed", PLUGIN_NAME);
   }
 
   TSMutexUnlock(sites_mutex);
 }
 
 static int
-blacklist_plugin(TSCont contp, TSEvent event, void *edata)
+blocklist_plugin(TSCont contp, TSEvent event, void *edata)
 {
   TSHttpTxn txnp;
   cdata *cd;
@@ -276,7 +276,7 @@ blacklist_plugin(TSCont contp, TSEvent event, void *edata)
         break;
       }
     } else {
-      read_blacklist(contp);
+      read_blocklist(contp);
       return 0;
     }
   default:
@@ -291,7 +291,7 @@ handle_txn_start(TSCont contp ATS_UNUSED, TSHttpTxn txnp)
   TSCont txn_contp;
   cdata *cd;
 
-  txn_contp = TSContCreate((TSEventFunc)blacklist_plugin, TSMutexCreate());
+  txn_contp = TSContCreate((TSEventFunc)blocklist_plugin, TSMutexCreate());
   /* create the data that'll be associated with the continuation */
   cd = (cdata *)TSmalloc(sizeof(cdata));
   TSContDataSet(txn_contp, cd);
@@ -319,8 +319,8 @@ TSPluginInit(int argc ATS_UNUSED, const char *argv[] ATS_UNUSED)
     TSError("[%s] Plugin registration failed", PLUGIN_NAME);
   }
 
-  /* create an TSTextLogObject to log blacklisted requests to */
-  error = TSTextLogObjectCreate("blacklist", TS_LOG_MODE_ADD_TIMESTAMP, &log);
+  /* create an TSTextLogObject to log blocklisted requests to */
+  error = TSTextLogObjectCreate("blocklist", TS_LOG_MODE_ADD_TIMESTAMP, &log);
   if (!log || error == TS_ERROR) {
     TSDebug(PLUGIN_NAME, "error while creating log");
   }
@@ -332,8 +332,8 @@ TSPluginInit(int argc ATS_UNUSED, const char *argv[] ATS_UNUSED)
     sites[i] = NULL;
   }
 
-  global_contp = TSContCreate(blacklist_plugin, sites_mutex);
-  read_blacklist(global_contp);
+  global_contp = TSContCreate(blocklist_plugin, sites_mutex);
+  read_blocklist(global_contp);
 
   /*TSHttpHookAdd (TS_HTTP_OS_DNS_HOOK, contp); */
   TSHttpHookAdd(TS_HTTP_TXN_START_HOOK, global_contp);

diff --git a/example/plugins/c-api/blocklist_1/readme.txt b/example/plugins/c-api/blocklist_1/readme.txt
@@ -0,0 +1,17 @@
+How to run the blocklist plugin
+===============================
+
+1. Modify blocklist.cgi to specify the location of perl and traffic server.
+2. Copy blocklist.cgi, blocklist_1.so, PoweredByInktomi.gif to the directory
+   specified by the variable proxy.config.plugin.plugin_dir.
+3. Modify plugin.config to load the blocklist plugin.
+
+
+
+About the blocklist plugin
+==========================
+
+The blocklist plugin allows Traffic Server to compare all incoming request
+origin servers with a blocklisted set of web servers. If the requested origin
+server is blocklisted, Traffic Server sends the client a message saying that
+access is denied.
diff --git a/...pi/ssl_sni_whitelist/ssl_sni_whitelist.cc → ...pi/ssl_sni_allowlist/ssl_sni_allowlist.cc b/...pi/ssl_sni_whitelist/ssl_sni_whitelist.cc → ...pi/ssl_sni_allowlist/ssl_sni_allowlist.cc
@@ -1,6 +1,6 @@
 /** @file
 
-  SSL SNI white list plugin
+  SSL SNI allow list plugin
   If the server name and IP address are not in the ssl_multicert.config
   go ahead and blind tunnel it.
 
@@ -31,13 +31,13 @@
 
 #include <openssl/ssl.h>
 
-#define PLUGIN_NAME "ssl_sni_whitelist"
+#define PLUGIN_NAME "ssl_sni_allowlist"
 #define PCP "[" PLUGIN_NAME "] "
 
 namespace
 {
 int
-CB_servername_whitelist(TSCont /* contp */, TSEvent /* event */, void *edata)
+CB_servername_allowlist(TSCont /* contp */, TSEvent /* event */, void *edata)
 {
   TSVConn ssl_vc         = reinterpret_cast<TSVConn>(edata);
   TSSslConnection sslobj = TSVConnSslConnectionGet(ssl_vc);
@@ -84,7 +84,7 @@ TSPluginInit(int argc, const char *argv[])
     TSError(PCP "registration failed");
   } else if (TSTrafficServerVersionGetMajor() < 2) {
     TSError(PCP "requires Traffic Server 2.0 or later");
-  } else if (nullptr == (cb_sni = TSContCreate(&CB_servername_whitelist, TSMutexCreate()))) {
+  } else if (nullptr == (cb_sni = TSContCreate(&CB_servername_allowlist, TSMutexCreate()))) {
     TSError(PCP "Failed to create SNI callback");
   } else {
     TSHttpHookAdd(TS_SSL_CERT_HOOK, cb_sni);