Full Surrogate/1.0 support

This enables the Surrogate-Control header fields for HTTP reverse proxies
in general. Not only those with ESI capability.

Limited to use by reverse-proxies only, and some added security to strip
Surrogate headers better at the border.

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 2eb07fefabefc9c25148dd94d3a217300d4058df..837f147d02743eccef7ea0afd1bb2f459e3ca771 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -4326,7 +4326,6 @@ COMMENT_START
 COMMENT_END
 
 NAME: httpd_accel_surrogate_id
-IFDEF: USE_SQUID_ESI
 TYPE:  string
 LOC: Config.Accel.surrogate_id
 DEFAULT: unset-id
@@ -4338,7 +4337,6 @@ DOC_START
 DOC_END
 
 NAME: http_accel_surrogate_remote
-IFDEF: USE_SQUID_ESI
 COMMENT: on|off
 TYPE: onoff
 DEFAULT: off

diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc
index 4e7243ae7dc82dda5999ad9ba66cf6c17f47e495..a6580eb29e060ba5104111082bde1783007794da 100644 (file)
--- a/src/client_side_reply.cc
+++ b/src/client_side_reply.cc
@@ -1421,6 +1421,14 @@ clientReplyContext::buildReplyHeader()
 
 #endif
 
+    /* Surrogate-Control requires Surrogate-Capability from upstream to pass on */
+    if ( hdr->has(HDR_SURROGATE_CONTROL) ) {
+        if (!request->header.has(HDR_SURROGATE_CAPABILITY)) {
+            hdr->delById(HDR_SURROGATE_CONTROL);
+        }
+        /* TODO: else case: drop any controls intended specifically for our surrogate ID */
+    }
+
     httpHdrMangleList(hdr, request, ROR_REPLY);
 }
 

diff --git a/src/http.cc b/src/http.cc
index 5e6335c81c0d051c1f6b52b6712382069197777d..39a0d5cc02b33c4d8e365de8f2012beb70819489 100644 (file)
--- a/src/http.cc
+++ b/src/http.cc
@@ -310,12 +310,8 @@ httpMaybeRemovePublic(StoreEntry * e, http_status status)
 void
 HttpStateData::processSurrogateControl(HttpReply *reply)
 {
-#if USE_SQUID_ESI
-
     if (request->flags.accelerated && reply->surrogate_control) {
-        HttpHdrScTarget *sctusable =
-            httpHdrScGetMergedTarget(reply->surrogate_control,
-                                     Config.Accel.surrogate_id);
+        HttpHdrScTarget *sctusable = httpHdrScGetMergedTarget(reply->surrogate_control, Config.Accel.surrogate_id);
 
         if (sctusable) {
             if (EBIT_TEST(sctusable->mask, SC_NO_STORE) ||
@@ -327,7 +323,7 @@ HttpStateData::processSurrogateControl(HttpReply *reply)
 
             /* The HttpHeader logic cannot tell if the header it's parsing is a reply to an
              * accelerated request or not...
-             * Still, this is an abtraction breach. - RC
+             * Still, this is an abstraction breach. - RC
              */
             if (sctusable->max_age != -1) {
                 if (sctusable->max_age < sctusable->max_stale)
@@ -345,8 +341,6 @@ HttpStateData::processSurrogateControl(HttpReply *reply)
             httpHdrScTargetDestroy(sctusable);
         }
     }
-
-#endif
 }
 
 int
@@ -1597,16 +1591,17 @@ HttpStateData::httpBuildRequestHeader(HttpRequest * request,
         strVia.clean();
     }
 
-#if USE_SQUID_ESI
     if (orig_request->flags.accelerated) {
         /* Append Surrogate-Capabilities */
-        String strSurrogate (hdr_in->getList(HDR_SURROGATE_CAPABILITY));
-        snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0 ESI/1.0\"",
-                 Config.Accel.surrogate_id);
+        String strSurrogate(hdr_in->getList(HDR_SURROGATE_CAPABILITY));
+#if USE_SQUID_ESI
+        snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0 ESI/1.0\"", Config.Accel.surrogate_id);
+#else
+        snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0\"", Config.Accel.surrogate_id);
+#endif
         strListAdd(&strSurrogate, bbuf, ',');
         hdr_out->putStr(HDR_SURROGATE_CAPABILITY, strSurrogate.termedBuf());
     }
-#endif
 
     /** \pre Handle X-Forwarded-For */
     if (strcmp(opt_forwarded_for, "delete") != 0) {

diff --git a/src/structs.h b/src/structs.h
index 10005ccbadf6e45230134f05fc6a839456b5c9f1..3cd5c5fef4792f244e47ac75c5d0d4388eac0059 100644 (file)
--- a/src/structs.h
+++ b/src/structs.h
@@ -315,10 +315,7 @@ struct SquidConfig {
     time_t authenticateIpTTL;
 
     struct {
-#if USE_SQUID_ESI
         char *surrogate_id;
-#endif
-
     } Accel;
     char *appendDomain;
     size_t appendDomainLen;
@@ -427,11 +424,7 @@ struct SquidConfig {
         int ie_refresh;
         int vary_ignore_expire;
         int pipeline_prefetch;
-
-#if USE_SQUID_ESI
         int surrogate_is_remote;
-#endif
-
         int request_entities;
         int detect_broken_server_pconns;
         int balance_on_multiple_ip;