2 * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 73 HTTP Request */
11 #ifndef SQUID_REQUESTFLAGS_H_
12 #define SQUID_REQUESTFLAGS_H_
14 /** request-related flags
16 * Contains both flags marking a request's current state,
17 * and flags requesting some processing to be done at a later stage.
18 * TODO: better distinguish the two cases.
23 /** true if the response to this request may not be READ from cache */
25 /** request is if-modified-since */
27 /** request is authenticated */
29 /** do not use keytabs for peer Kerberos authentication */
30 bool auth_no_keytab
= false;
31 /** he response to the request may be stored in the cache */
32 bool cachable
= false;
33 /** the request can be forwarded through the hierarchy */
34 bool hierarchical
= false;
35 /** a loop was detected on this request */
36 bool loopDetected
= false;
37 /** the connection can be kept alive */
38 bool proxyKeepalive
= false;
39 /* this should be killed, also in httpstateflags */
40 bool proxying
= false;
41 /** content has expired, need to refresh it */
43 /** request was redirected by redirectors */
44 bool redirected
= false;
45 /** the requested object needs to be validated. See client_side_reply.cc
46 * for further information.
48 bool needValidation
= false;
49 /** whether we should fail if validation fails */
50 bool failOnValidationError
= false;
51 /** reply is stale if it is a hit */
52 bool staleIfHit
= false;
53 /** request to override no-cache directives
55 * always use noCacheHack() for reading.
56 * \note only meaningful if USE_HTTP_VIOLATIONS is defined at build time
58 bool nocacheHack
= false;
59 /** this request is accelerated (reverse-proxy) */
60 bool accelerated
= false;
61 /** if set, ignore Cache-Control headers */
62 bool ignoreCc
= false;
63 /** set for intercepted requests */
64 bool intercepted
= false;
65 /** set if the Host: header passed verification */
66 bool hostVerified
= false;
67 /// Set for requests handled by a "tproxy" port.
68 bool interceptTproxy
= false;
69 /// The client IP address should be spoofed when connecting to the web server.
70 /// This applies to TPROXY traffic that has not had spoofing disabled through
71 /// the spoof_client_ip squid.conf ACL.
72 bool spoofClientIp
= false;
73 /** set if the request is internal (\see ClientHttpRequest::flags.internal)*/
74 bool internal
= false;
75 /** if set, request to try very hard to keep the connection alive */
76 bool mustKeepalive
= false;
77 /** set if the rquest wants connection oriented auth */
78 bool connectionAuth
= false;
79 /** set if connection oriented auth can not be supported */
80 bool connectionAuthDisabled
= false;
81 // XXX This is set in clientCheckPinning but never tested
82 /** Request wants connection oriented auth */
83 bool connectionProxyAuth
= false;
84 /** set if the request was sent on a pinned connection */
86 /** Authentication was already sent upstream (e.g. due tcp-level auth) */
87 bool authSent
= false;
88 /** Deny direct forwarding unless overriden by always_direct
89 * Used in accelerator mode */
90 bool noDirect
= false;
91 /** Reply with chunked transfer encoding */
92 bool chunkedReply
= false;
93 /** set if stream error has occurred */
94 bool streamError
= false;
95 /** internal ssl-bump request to get server cert */
97 /** set if X-Forwarded-For checking is complete
99 * do not read directly; use doneFollowXff for reading
101 bool done_follow_x_forwarded_for
= false;
102 /** set for ssl-bumped requests */
103 bool sslBumped
= false;
104 /// carries a representation of an FTP command [received on ftp_port]
105 bool ftpNative
= false;
106 bool destinationIpLookedUp
= false;
107 /** request to reset the TCP stream */
108 bool resetTcp
= false;
109 /** set if the request is ranged */
110 bool isRanged
= false;
112 /// whether to forward via TunnelStateData (instead of FwdState)
113 bool forceTunnel
= false;
115 /** clone the flags, resetting to default those which are not safe in
116 * a related (e.g. ICAP-adapted) request.
118 RequestFlags
cloneAdaptationImmune() const;
120 // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done".
121 bool doneFollowXff() const {
122 return done_follow_x_forwarded_for
|| !FOLLOW_X_FORWARDED_FOR
;
125 // if USE_HTTP_VIOLATIONS is not set, never allow this
126 bool noCacheHack() const {
127 return USE_HTTP_VIOLATIONS
&& nocacheHack
;
131 #endif /* SQUID_REQUESTFLAGS_H_ */