Author: Henrik Nordstrom <henrik@henriknordstrom.net>
authorAmos Jeffries <squid3@treenet.co.nz>
Thu, 24 Sep 2009 09:33:48 +0000 (21:33 +1200)
committerAmos Jeffries <squid3@treenet.co.nz>
Thu, 24 Sep 2009 09:33:48 +0000 (21:33 +1200)
Make ESI behave reasonable when built but not used

- Move (and extend/correct) hardcoded CC ignore to a new http_port
  option ignore-cc

- Limit Surrogate-Capability header addition to accelerated requests.

doc/release-notes/release-3.1.sgml
src/ProtoPort.h
src/cache_cf.cc
src/cf.data.pre
src/client_side.cc
src/client_side_request.cc
src/http.cc
src/refresh.cc
src/structs.h

index 5b3e2f9a9a312fae05446ef6b5de9d3f5ca95fe3..a7d74a792916f850eb0fc2ed69b00a2ee3518da8 100644 (file)
@@ -1199,7 +1199,7 @@ NOCOMMENT_START
        X-Forwarded-For entries, and place itself as the sole entry.
        </verb>
 
-       <tag>http_port transparent intercept sslbump connection-auth[=on|off]</tag>
+       <tag>http_port transparent intercept sslbump connection-auth[=on|off] ignore-cc</tag>
        <p>Option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does.
        For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.</p>
        <p>New port options
@@ -1221,6 +1221,11 @@ NOCOMMENT_START
                        the connection, interval how often to probe, and
                        timeout the time before giving up.
 
+          ignore-cc    Ignore request Cache-Control headers.
+
+                       Warning: This option violates HTTP specifications if
+                       used in non-accelerator setups.
+
           sslBump      Intercept each CONNECT request matching ssl_bump ACL,
                        establish secure connection with the client and with
                        the server, decrypt HTTP messages as they pass through
index b421dd1267a705da99d549c59964bbc0d3c2f6c9..15d6abf6486f49eeca520a51c46525ce8bcb773e 100644 (file)
@@ -24,6 +24,7 @@ struct http_port_list {
     unsigned int allow_direct:1;       /**< Allow direct forwarding in accelerator mode */
     unsigned int vhost:1;              /**< uses host header */
     unsigned int sslBump:1;            /**< intercepts CONNECT requests */
+    unsigned int ignore_cc:1;          /**< Ignore request Cache-Control directives */
 
     int vport;                 /* virtual port support, -1 for dynamic, >0 static*/
     bool connection_auth_disabled;     /* Don't support connection oriented auth */
index 3ef655023cfa52037e028b17dbdc4c0492dbd4d6..b56ecc38e3ac30dd94d46d0d3b98914446897ac2 100644 (file)
@@ -3002,6 +3002,14 @@ parse_http_port_option(http_port_list * s, char *token)
         s->accel = 1;
     } else if (strcmp(token, "allow-direct") == 0) {
         s->allow_direct = 1;
+    } else if (strcmp(token, "ignore-cc") == 0) {
+        s->ignore_cc = 1;
+#if !HTTP_VIOLATIONS
+        if (!s->accel) {
+            debugs(3, DBG_CRITICAL, "FATAL: ignore-cc is only valid in accelerator mode");
+            self_destruct();
+        }
+#endif
     } else if (strcmp(token, "no-connection-auth") == 0) {
         s->connection_auth_disabled = true;
     } else if (strcmp(token, "connection-auth=off") == 0) {
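Review bot: The `!s->accel` test in the new `ignore-cc` branch runs when this one token is parsed, so its result appears to depend on option order. The `s->accel = 1` assignment visible just above belongs to a different token; if this function is called once per token in configuration order, an `http_port` line that names `ignore-cc` before the accelerator option would reach `self_destruct()` although the port is an accelerator. Checking after all options for the port have been read (in the caller, which is outside this hunk) would avoid that. Separately, when HTTP_VIOLATIONS is enabled the option is accepted on non-accelerator ports with no message at all; a line in that same post-parse check such as `debugs(3, DBG_IMPORTANT, "WARNING: ignore-cc on a non-accelerator port violates HTTP");` would show the operator that client revalidation requests are being ignored.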
index f399e6ec103dfdabfe75e64d924676295b374263..4703109eed5eccc1e03e957f3faea0ed6211bcc8 100644 (file)
@@ -1105,6 +1105,11 @@ DOC_START
           protocol=    Protocol to reconstruct accelerated requests with.
                        Defaults to http.
 
+          ignore-cc    Ignore request Cache-Control headers.
+
+                       Warning: This option violates HTTP specifications if
+                       used in non-accelerator setups.
+
           connection-auth[=on|off]
                        use connection-auth=off to tell Squid to prevent 
                        forwarding Microsoft connection oriented authentication
index 1b05a9000360eb05a14309e7c1858bae85dc7205..5377c8ee06849b8bf36b468c2d38456efd8196b1 100644 (file)
@@ -2370,6 +2370,7 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c
     }
 
     request->flags.accelerated = http->flags.accel;
+    request->flags.ignore_cc = conn->port->ignore_cc;
     request->flags.no_direct = request->flags.accelerated ? !conn->port->allow_direct : 0;
 
     /** \par
index 4e9d29c9b5de7cc25efe7d9e89808da085ebc264..608a447d2d65896eb9440ac7d34cb9a44da9db34 100644 (file)
@@ -742,10 +742,7 @@ clientInterpretRequestHeaders(ClientHttpRequest * http)
     HttpRequest *request = http->request;
     HttpHeader *req_hdr = &request->header;
     int no_cache = 0;
-#if !(USE_SQUID_ESI) || defined(USE_USERAGENT_LOG) || defined(USE_REFERER_LOG)
-
     const char *str;
-#endif
 
     request->imslen = -1;
     request->ims = req_hdr->getTime(HDR_IF_MODIFIED_SINCE);
@@ -753,44 +750,39 @@ clientInterpretRequestHeaders(ClientHttpRequest * http)
     if (request->ims > 0)
         request->flags.ims = 1;
 
-#if USE_SQUID_ESI
-    /*
-     * We ignore Cache-Control as per the Edge Architecture Section 3. See
-     * www.esi.org for more information.
-     */
-#else
+    if (!request->flags.ignore_cc) {
+        if (req_hdr->has(HDR_PRAGMA)) {
+            String s = req_hdr->getList(HDR_PRAGMA);
 
-    if (req_hdr->has(HDR_PRAGMA)) {
-        String s = req_hdr->getList(HDR_PRAGMA);
+            if (strListIsMember(&s, "no-cache", ','))
+                no_cache++;
 
-        if (strListIsMember(&s, "no-cache", ','))
-            no_cache++;
-
-        s.clean();
-    }
+            s.clean();
+        }
 
-    if (request->cache_control)
-        if (EBIT_TEST(request->cache_control->mask, CC_NO_CACHE))
-            no_cache++;
+        if (request->cache_control)
+            if (EBIT_TEST(request->cache_control->mask, CC_NO_CACHE))
+                no_cache++;
 
-    /*
-    * Work around for supporting the Reload button in IE browsers when Squid
-    * is used as an accelerator or transparent proxy, by turning accelerated
-    * IMS request to no-cache requests. Now knows about IE 5.5 fix (is
-    * actually only fixed in SP1, but we can't tell whether we are talking to
-    * SP1 or not so all 5.5 versions are treated 'normally').
-    */
-    if (Config.onoff.ie_refresh) {
-        if (http->flags.accel && request->flags.ims) {
-            if ((str = req_hdr->getStr(HDR_USER_AGENT))) {
-                if (strstr(str, "MSIE 5.01") != NULL)
-                    no_cache++;
-                else if (strstr(str, "MSIE 5.0") != NULL)
-                    no_cache++;
-                else if (strstr(str, "MSIE 4.") != NULL)
-                    no_cache++;
-                else if (strstr(str, "MSIE 3.") != NULL)
-                    no_cache++;
+        /*
+        * Work around for supporting the Reload button in IE browsers when Squid
+        * is used as an accelerator or transparent proxy, by turning accelerated
+        * IMS request to no-cache requests. Now knows about IE 5.5 fix (is
+        * actually only fixed in SP1, but we can't tell whether we are talking to
+        * SP1 or not so all 5.5 versions are treated 'normally').
+        */
+        if (Config.onoff.ie_refresh) {
+            if (http->flags.accel && request->flags.ims) {
+                if ((str = req_hdr->getStr(HDR_USER_AGENT))) {
+                    if (strstr(str, "MSIE 5.01") != NULL)
+                        no_cache++;
+                    else if (strstr(str, "MSIE 5.0") != NULL)
+                        no_cache++;
+                    else if (strstr(str, "MSIE 4.") != NULL)
+                        no_cache++;
+                    else if (strstr(str, "MSIE 3.") != NULL)
+                        no_cache++;
+                }
             }
         }
     }
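Review bot: The new `if (!request->flags.ignore_cc)` guard covers more than Cache-Control: the `Pragma: no-cache` test and the `Config.onoff.ie_refresh` workaround sit inside it, and in refresh.cc the changed `if (request && !request->flags.ignore_cc)` also skips the `refresh_ims` / `refresh_all_ims` check that follows it. The option text added in this commit says only "Ignore request Cache-Control headers", so an operator enabling it would not expect those other configured behaviours to stop. Either narrow the guards to the Cache-Control tests or state the wider scope, for example with a comment above this guard such as `/* ignore-cc: skip every client reload signal (Pragma, Cache-Control: no-cache, ie_refresh) */` and matching wording in the option documentation. clientInterpretRequestHeaders starts and ends outside this hunk.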
@@ -799,7 +791,6 @@ clientInterpretRequestHeaders(ClientHttpRequest * http)
         no_cache++;
     }
 
-#endif
     if (no_cache) {
 #if HTTP_VIOLATIONS
 
index 8eef8db54ca53b7b2d4a305809c248a94c654647..98f26cfb229b44966860a6b4a977fe3fd8805b73 100644 (file)
@@ -1503,7 +1503,7 @@ HttpStateData::httpBuildRequestHeader(HttpRequest * request,
     }
 
 #if USE_SQUID_ESI
-    {
+    if (orig_request->flags.accelerated) {
         /* Append Surrogate-Capabilities */
         String strSurrogate (hdr_in->getList(HDR_SURROGATE_CAPABILITY));
         snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0 ESI/1.0\"",
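Review bot: The capability token is still appended to whatever `hdr_in->getList(HDR_SURROGATE_CAPABILITY)` returns, that is, to a value taken from the incoming request, and for non-accelerated requests this block is now skipped entirely. What happens to a client-supplied Surrogate-Capability header on that path is therefore decided elsewhere, and this hunk does not show whether it is stripped or copied through; if it is copied, an origin could be told a surrogate is present when nothing downstream will process the response. A one-line comment on the new condition, such as `/* only accelerator requests advertise surrogate capability; client-sent values are dropped/forwarded by the generic header copy (confirm which) */`, would record the intended behaviour. The block continues past the end of the hunk.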
index ea3199bf9013a2a9028dd3e275568c434594ab1c..7891c34ee8276b1d196219c18959678e728f4ddc 100644 (file)
@@ -281,7 +281,7 @@ refreshCheck(const StoreEntry * entry, HttpRequest * request, time_t delta)
     }
 
     /* request-specific checks */
-    if (request) {
+    if (request && !request->flags.ignore_cc) {
         HttpHdrCc *cc = request->cache_control;
 
         if (request->flags.ims && (R->flags.refresh_ims || Config.onoff.refresh_all_ims)) {
index 4601e7c38cee51ab5c102f3c6fa646226428ce59..fb20eb0f317032e7fa9dc17948afc3ebdf1a8a59 100644 (file)
@@ -999,7 +999,7 @@ struct _iostats {
 
 
 struct request_flags {
-    request_flags(): range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),intercepted(0),spoof_client_ip(0),internal(0),internalclient(0),must_keepalive(0),destinationIPLookedUp_(0) {
+    request_flags(): range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),ignore_cc(0),intercepted(0),spoof_client_ip(0),internal(0),internalclient(0),must_keepalive(0),destinationIPLookedUp_(0) {
 #if HTTP_VIOLATIONS
         nocache_hack = 0;
 #endif
@@ -1025,6 +1025,7 @@ unsigned int proxying:
     unsigned int nocache_hack:1;       /* for changing/ignoring no-cache requests */
 #endif
     unsigned int accelerated:1;
+    unsigned int ignore_cc:1;
     unsigned int intercepted:1;  /**< transparently intercepted request */
     unsigned int spoof_client_ip:1;  /**< spoof client ip if possible */
     unsigned int internal:1;