2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 73 HTTP Request */
11 #ifndef SQUID_REQUESTFLAGS_H_
12 #define SQUID_REQUESTFLAGS_H_
14 #include "base/SupportOrVeto.h"
16 /** request-related flags
18 * Contains both flags marking a request's current state,
19 * and flags requesting some processing to be done at a later stage.
20 * TODO: better distinguish the two cases.
25 /** true if the response to this request may not be READ from cache */
27 /** request is if-modified-since */
29 /** request is authenticated */
31 /** do not use keytabs for peer Kerberos authentication */
32 bool auth_no_keytab
= false;
34 /// whether the response may be stored in the cache
35 SupportOrVeto cachable
;
37 /** the request can be forwarded through the hierarchy */
38 bool hierarchical
= false;
39 /** a loop was detected on this request */
40 bool loopDetected
= false;
41 /** the connection can be kept alive */
42 bool proxyKeepalive
= false;
43 /** content has expired, need to refresh it */
45 /** request was redirected by redirectors */
46 bool redirected
= false;
47 /** the requested object needs to be validated. See client_side_reply.cc
48 * for further information.
50 bool needValidation
= false;
51 /** whether we should fail if validation fails */
52 bool failOnValidationError
= false;
53 /** reply is stale if it is a hit */
54 bool staleIfHit
= false;
55 /** request to override no-cache directives
57 * always use noCacheHack() for reading.
58 * \note only meaningful if USE_HTTP_VIOLATIONS is defined at build time
60 bool nocacheHack
= false;
61 /** this request is accelerated (reverse-proxy) */
62 bool accelerated
= false;
63 /** if set, ignore Cache-Control headers */
64 bool ignoreCc
= false;
65 /** set for intercepted requests */
66 bool intercepted
= false;
67 /** set if the Host: header passed verification */
68 bool hostVerified
= false;
69 /// Set for requests handled by a "tproxy" port.
70 bool interceptTproxy
= false;
71 /// The client IP address should be spoofed when connecting to the web server.
72 /// This applies to TPROXY traffic that has not had spoofing disabled through
73 /// the spoof_client_ip squid.conf ACL.
74 bool spoofClientIp
= false;
76 /// whether the request targets a /squid-internal- resource (e.g., a MIME
77 /// icon or a cache manager page) served by this Squid instance
78 /// \sa ClientHttpRequest::flags.internal
79 /// TODO: Rename to avoid a false implication that this flag is true for
80 /// requests for /squid-internal- resources served by other Squid instances.
81 bool internal
= false;
83 /** if set, request to try very hard to keep the connection alive */
84 bool mustKeepalive
= false;
85 /** set if the request wants connection oriented auth */
86 bool connectionAuth
= false;
87 /** set if connection oriented auth can not be supported */
88 bool connectionAuthDisabled
= false;
89 // XXX This is set in clientCheckPinning but never tested
90 /** Request wants connection oriented auth */
91 bool connectionProxyAuth
= false;
92 /** set if the request was sent on a pinned connection */
94 /** Authentication was already sent upstream (e.g. due tcp-level auth) */
95 bool authSent
= false;
96 /** Deny direct forwarding unless overridden by always_direct
97 * Used in accelerator mode */
98 bool noDirect
= false;
99 /** Reply with chunked transfer encoding */
100 bool chunkedReply
= false;
101 /** set if stream error has occurred */
102 bool streamError
= false;
103 /** internal ssl-bump request to get server cert */
104 bool sslPeek
= false;
105 /** set if X-Forwarded-For checking is complete
107 * do not read directly; use doneFollowXff for reading
109 bool done_follow_x_forwarded_for
= false;
110 /** set for ssl-bumped requests */
111 bool sslBumped
= false;
112 /// carries a representation of an FTP command [received on ftp_port]
113 bool ftpNative
= false;
114 bool destinationIpLookedUp
= false;
115 /** request to reset the TCP stream */
116 bool resetTcp
= false;
117 /** set if the request is ranged */
118 bool isRanged
= false;
120 /// whether to forward via TunnelStateData (instead of FwdState)
121 bool forceTunnel
= false;
123 /** clone the flags, resetting to default those which are not safe in
124 * a related (e.g. ICAP-adapted) request.
126 RequestFlags
cloneAdaptationImmune() const;
128 // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done".
129 bool doneFollowXff() const {
130 return done_follow_x_forwarded_for
|| !FOLLOW_X_FORWARDED_FOR
;
133 // if USE_HTTP_VIOLATIONS is not set, never allow this
134 bool noCacheHack() const {
135 return USE_HTTP_VIOLATIONS
&& nocacheHack
;
138 /// ban satisfying the request from the cache and ban storing the response
140 /// \param reason summarizes the marking decision context (for debugging)
141 void disableCacheUse(const char *reason
);
144 #endif /* SQUID_REQUESTFLAGS_H_ */