From: Henrik Nordstrom Date: Fri, 18 Sep 2009 23:46:33 +0000 (+0200) Subject: Make ESI behave reasonable when built but not used X-Git-Tag: SQUID_3_2_0_1~709 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=432bc83c52e6939ca34d6b7e4494533668a61afd;p=thirdparty%2Fsquid.git Make ESI behave reasonable when built but not used - Move (and extent/correct) hardcoded CC ignore to a new http_port option ignore-cc - Limit Surrogate-Capability header addition to accelerated requests. --- diff --git a/src/ProtoPort.h b/src/ProtoPort.h index b421dd1267..15d6abf648 100644 --- a/src/ProtoPort.h +++ b/src/ProtoPort.h @@ -24,6 +24,7 @@ struct http_port_list { unsigned int allow_direct:1; /**< Allow direct forwarding in accelerator mode */ unsigned int vhost:1; /**< uses host header */ unsigned int sslBump:1; /**< intercepts CONNECT requests */ + unsigned int ignore_cc:1; /**< Ignore request Cache-Control directives */ int vport; /* virtual port support, -1 for dynamic, >0 static*/ bool connection_auth_disabled; /* Don't support connection oriented auth */ diff --git a/src/cache_cf.cc b/src/cache_cf.cc index d0a967434d..94fd362802 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -3046,6 +3046,14 @@ parse_http_port_option(http_port_list * s, char *token) s->accel = 1; } else if (strcmp(token, "allow-direct") == 0) { s->allow_direct = 1; + } else if (strcmp(token, "ignore-cc") == 0) { + s->ignore_cc = 1; +#if !HTTP_VIOLATIONS + if (!s->accel) { + debugs(3, DBG_CRITICAL, "FATAL: ignore-cc is only valid in accelerator mode"); + self_destruct(); + } +#endif } else if (strcmp(token, "no-connection-auth") == 0) { s->connection_auth_disabled = true; } else if (strcmp(token, "connection-auth=off") == 0) { diff --git a/src/cf.data.pre b/src/cf.data.pre index afb26c31d5..dbe160d9b9 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1113,6 +1113,11 @@ DOC_START protocol= Protocol to reconstruct accelerated requests with. Defaults to http. + ignore-cc Ignore request Cache-Control headers. + + Warning: This option violates HTTP specifications if + used in non-accelerator setups. + connection-auth[=on|off] use connection-auth=off to tell Squid to prevent forwarding Microsoft connection oriented authentication diff --git a/src/client_side.cc b/src/client_side.cc index 1b05a90003..5377c8ee06 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -2370,6 +2370,7 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c } request->flags.accelerated = http->flags.accel; + request->flags.ignore_cc = conn->port->ignore_cc; request->flags.no_direct = request->flags.accelerated ? !conn->port->allow_direct : 0; /** \par diff --git a/src/client_side_request.cc b/src/client_side_request.cc index aa2d608b47..e7c0b072b6 100644 --- a/src/client_side_request.cc +++ b/src/client_side_request.cc @@ -803,10 +803,7 @@ clientInterpretRequestHeaders(ClientHttpRequest * http) HttpRequest *request = http->request; HttpHeader *req_hdr = &request->header; int no_cache = 0; -#if !(USE_SQUID_ESI) || defined(USE_USERAGENT_LOG) || defined(USE_REFERER_LOG) - const char *str; -#endif request->imslen = -1; request->ims = req_hdr->getTime(HDR_IF_MODIFIED_SINCE); @@ -814,44 +811,39 @@ clientInterpretRequestHeaders(ClientHttpRequest * http) if (request->ims > 0) request->flags.ims = 1; -#if USE_SQUID_ESI - /* - * We ignore Cache-Control as per the Edge Architecture Section 3. See - * www.esi.org for more information. - */ -#else + if (!request->flags.ignore_cc) { + if (req_hdr->has(HDR_PRAGMA)) { + String s = req_hdr->getList(HDR_PRAGMA); - if (req_hdr->has(HDR_PRAGMA)) { - String s = req_hdr->getList(HDR_PRAGMA); + if (strListIsMember(&s, "no-cache", ',')) + no_cache++; - if (strListIsMember(&s, "no-cache", ',')) - no_cache++; - - s.clean(); - } + s.clean(); + } - if (request->cache_control) - if (EBIT_TEST(request->cache_control->mask, CC_NO_CACHE)) - no_cache++; + if (request->cache_control) + if (EBIT_TEST(request->cache_control->mask, CC_NO_CACHE)) + no_cache++; - /* - * Work around for supporting the Reload button in IE browsers when Squid - * is used as an accelerator or transparent proxy, by turning accelerated - * IMS request to no-cache requests. Now knows about IE 5.5 fix (is - * actually only fixed in SP1, but we can't tell whether we are talking to - * SP1 or not so all 5.5 versions are treated 'normally'). - */ - if (Config.onoff.ie_refresh) { - if (http->flags.accel && request->flags.ims) { - if ((str = req_hdr->getStr(HDR_USER_AGENT))) { - if (strstr(str, "MSIE 5.01") != NULL) - no_cache++; - else if (strstr(str, "MSIE 5.0") != NULL) - no_cache++; - else if (strstr(str, "MSIE 4.") != NULL) - no_cache++; - else if (strstr(str, "MSIE 3.") != NULL) - no_cache++; + /* + * Work around for supporting the Reload button in IE browsers when Squid + * is used as an accelerator or transparent proxy, by turning accelerated + * IMS request to no-cache requests. Now knows about IE 5.5 fix (is + * actually only fixed in SP1, but we can't tell whether we are talking to + * SP1 or not so all 5.5 versions are treated 'normally'). + */ + if (Config.onoff.ie_refresh) { + if (http->flags.accel && request->flags.ims) { + if ((str = req_hdr->getStr(HDR_USER_AGENT))) { + if (strstr(str, "MSIE 5.01") != NULL) + no_cache++; + else if (strstr(str, "MSIE 5.0") != NULL) + no_cache++; + else if (strstr(str, "MSIE 4.") != NULL) + no_cache++; + else if (strstr(str, "MSIE 3.") != NULL) + no_cache++; + } } } } @@ -860,7 +852,6 @@ clientInterpretRequestHeaders(ClientHttpRequest * http) no_cache++; } -#endif if (no_cache) { #if HTTP_VIOLATIONS diff --git a/src/http.cc b/src/http.cc index 7a83a32959..b577795bb3 100644 --- a/src/http.cc +++ b/src/http.cc @@ -1592,7 +1592,7 @@ HttpStateData::httpBuildRequestHeader(HttpRequest * request, } #if USE_SQUID_ESI - { + if (orig_request->flags.accelerated) { /* Append Surrogate-Capabilities */ String strSurrogate (hdr_in->getList(HDR_SURROGATE_CAPABILITY)); snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0 ESI/1.0\"", diff --git a/src/refresh.cc b/src/refresh.cc index ea3199bf90..7891c34ee8 100644 --- a/src/refresh.cc +++ b/src/refresh.cc @@ -281,7 +281,7 @@ refreshCheck(const StoreEntry * entry, HttpRequest * request, time_t delta) } /* request-specific checks */ - if (request) { + if (request && !request->flags.ignore_cc) { HttpHdrCc *cc = request->cache_control; if (request->flags.ims && (R->flags.refresh_ims || Config.onoff.refresh_all_ims)) { diff --git a/src/structs.h b/src/structs.h index e80fc29f73..e945dbcd1c 100644 --- a/src/structs.h +++ b/src/structs.h @@ -1004,7 +1004,7 @@ struct _iostats { struct request_flags { - request_flags(): range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),intercepted(0),spoof_client_ip(0),internal(0),internalclient(0),must_keepalive(0),destinationIPLookedUp_(0) { + request_flags(): range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),ignore_cc(0),intercepted(0),spoof_client_ip(0),internal(0),internalclient(0),must_keepalive(0),destinationIPLookedUp_(0) { #if HTTP_VIOLATIONS nocache_hack = 0; #endif @@ -1030,6 +1030,7 @@ unsigned int proxying: unsigned int nocache_hack:1; /* for changing/ignoring no-cache requests */ #endif unsigned int accelerated:1; + unsigned int ignore_cc:1; unsigned int intercepted:1; /**< transparently intercepted request */ unsigned int spoof_client_ip:1; /**< spoof client ip if possible */ unsigned int internal:1;