From: Amos Jeffries Date: Thu, 24 Sep 2009 09:33:48 +0000 (+1200) Subject: Author: Henrik Nordstrom X-Git-Tag: SQUID_3_1_0_14~13 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=99a8874204be418fed0876669badffd23bc8a62f;p=thirdparty%2Fsquid.git Author: Henrik Nordstrom Make ESI behave reasonable when built but not used - Move (and extent/correct) hardcoded CC ignore to a new http_port option ignore-cc - Limit Surrogate-Capability header addition to accelerated requests.
---
diff --git a/doc/release-notes/release-3.1.sgml b/doc/release-notes/release-3.1.sgml
index 5b3e2f9a9a..a7d74a7929 100644
--- a/doc/release-notes/release-3.1.sgml
+++ b/doc/release-notes/release-3.1.sgml
@@ -1199,7 +1199,7 @@ NOCOMMENT_START
 X-Forwarded-For entries, and place itself as the sole entry.
- http_port transparent intercept sslbump connection-auth[=on|off]
+ http_port transparent intercept sslbump connection-auth[=on|off] ignore-cc

Option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does. For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.

New port options
@@ -1221,6 +1221,11 @@ NOCOMMENT_START
 the connection, interval how often to probe, and timeout the time before giving up.
+ ignore-cc Ignore request Cache-Control headers.
+
+ Warning: This option violates HTTP specifications if
+ used in non-accelerator setups.
+
 sslBump Intercept each CONNECT request matching ssl_bump ACL, establish secure connection with the client and with the server, decrypt HTTP messages as they pass through
diff --git a/src/ProtoPort.h b/src/ProtoPort.h
index b421dd1267..15d6abf648 100644
--- a/src/ProtoPort.h
+++ b/src/ProtoPort.h
@@ -24,6 +24,7 @@ struct http_port_list {
 unsigned int allow_direct:1; /**< Allow direct forwarding in accelerator mode */ unsigned int vhost:1; /**< uses host header */ unsigned int sslBump:1; /**< intercepts CONNECT requests */
+ unsigned int ignore_cc:1; /**< Ignore request Cache-Control directives */
 int vport; /* virtual port support, -1 for dynamic, >0 static*/ bool connection_auth_disabled; /* Don't support connection oriented auth */
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 3ef655023c..b56ecc38e3 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -3002,6 +3002,14 @@ parse_http_port_option(http_port_list * s, char *token)
 s->accel = 1; } else if (strcmp(token, "allow-direct") == 0) { s->allow_direct = 1;
+ } else if (strcmp(token, "ignore-cc") == 0) {
+ s->ignore_cc = 1;
+#if !HTTP_VIOLATIONS
+ if (!s->accel) {
+ debugs(3, DBG_CRITICAL, "FATAL: ignore-cc is only valid in accelerator mode");
+ self_destruct();
+ }
+#endif
 } else if (strcmp(token, "no-connection-auth") == 0) { s->connection_auth_disabled = true; } else if (strcmp(token, "connection-auth=off") == 0) {
diff --git a/src/cf.data.pre b/src/cf.data.pre
index f399e6ec10..4703109eed 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
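Review bot: The accelerator-mode check in the new `ignore-cc` branch runs at the moment that token is parsed, so it depends on option order: `http_port 80 ignore-cc accel` is refused with the FATAL message because `s->accel` is still 0 at that point, while `http_port 80 accel ignore-cc` is accepted. Since parse_http_port_option handles one token at a time, the validation belongs after the whole option list has been consumed, in the caller (outside this hunk), rather than here. With HTTP_VIOLATIONS defined the non-accelerator case is accepted silently even though cf.data.pre calls it an HTTP violation; an `#else` branch with `debugs(3, DBG_IMPORTANT, "WARNING: ignore-cc on a non-accelerator http_port violates HTTP");` would make that visible in cache.log. The cf.data.pre text could also state that the option is refused outside accelerator mode unless Squid was built with HTTP violations enabled. The function continues outside the hunk.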
@@ -1105,6 +1105,11 @@ DOC_START
 protocol= Protocol to reconstruct accelerated requests with. Defaults to http.
+ ignore-cc Ignore request Cache-Control headers.
+
+ Warning: This option violates HTTP specifications if
+ used in non-accelerator setups.
+
 connection-auth[=on|off] use connection-auth=off to tell Squid to prevent forwarding Microsoft connection oriented authentication
diff --git a/src/client_side.cc b/src/client_side.cc
index 1b05a90003..5377c8ee06 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -2370,6 +2370,7 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c
 } request->flags.accelerated = http->flags.accel;
+ request->flags.ignore_cc = conn->port->ignore_cc;
 request->flags.no_direct = request->flags.accelerated ? !conn->port->allow_direct : 0; /** \par
diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index 4e9d29c9b5..608a447d2d 100644
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -742,10 +742,7 @@ clientInterpretRequestHeaders(ClientHttpRequest * http)
 HttpRequest *request = http->request; HttpHeader *req_hdr = &request->header; int no_cache = 0;
-#if !(USE_SQUID_ESI) || defined(USE_USERAGENT_LOG) || defined(USE_REFERER_LOG)
- const char *str;
-#endif
 request->imslen = -1; request->ims = req_hdr->getTime(HDR_IF_MODIFIED_SINCE);
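Review bot: Removing `const char *str;` here leaves the `ie_refresh` block in the next hunk, which still does `if ((str = req_hdr->getStr(HDR_USER_AGENT)))`, without a declaration, so the file will not compile unless `str` is declared somewhere else in clientInterpretRequestHeaders outside these hunks. The old `#if` guard was what tied the declaration to the ESI build; the guard should go and the declaration stay, e.g. `const char *str = NULL;` right after `int no_cache = 0;`. The function body continues past the end of the hunk.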
@@ -753,44 +750,39 @@ clientInterpretRequestHeaders(ClientHttpRequest * http)
 if (request->ims > 0) request->flags.ims = 1;
-#if USE_SQUID_ESI
- /*
- * We ignore Cache-Control as per the Edge Architecture Section 3. See
- * www.esi.org for more information.
- */
-#else
+ if (!request->flags.ignore_cc) {
+ if (req_hdr->has(HDR_PRAGMA)) {
+ String s = req_hdr->getList(HDR_PRAGMA);
- if (req_hdr->has(HDR_PRAGMA)) {
- String s = req_hdr->getList(HDR_PRAGMA);
+ if (strListIsMember(&s, "no-cache", ','))
+ no_cache++;
- if (strListIsMember(&s, "no-cache", ','))
- no_cache++;
-
- s.clean();
- }
+ s.clean();
+ }
- if (request->cache_control)
- if (EBIT_TEST(request->cache_control->mask, CC_NO_CACHE))
- no_cache++;
+ if (request->cache_control)
+ if (EBIT_TEST(request->cache_control->mask, CC_NO_CACHE))
+ no_cache++;
- /*
- * Work around for supporting the Reload button in IE browsers when Squid
- * is used as an accelerator or transparent proxy, by turning accelerated
- * IMS request to no-cache requests. Now knows about IE 5.5 fix (is
- * actually only fixed in SP1, but we can't tell whether we are talking to
- * SP1 or not so all 5.5 versions are treated 'normally').
- */
- if (Config.onoff.ie_refresh) {
- if (http->flags.accel && request->flags.ims) {
- if ((str = req_hdr->getStr(HDR_USER_AGENT))) {
- if (strstr(str, "MSIE 5.01") != NULL)
- no_cache++;
- else if (strstr(str, "MSIE 5.0") != NULL)
- no_cache++;
- else if (strstr(str, "MSIE 4.") != NULL)
- no_cache++;
- else if (strstr(str, "MSIE 3.") != NULL)
- no_cache++;
+ /*
+ * Work around for supporting the Reload button in IE browsers when Squid
+ * is used as an accelerator or transparent proxy, by turning accelerated
+ * IMS request to no-cache requests. Now knows about IE 5.5 fix (is
+ * actually only fixed in SP1, but we can't tell whether we are talking to
+ * SP1 or not so all 5.5 versions are treated 'normally').
+ */
+ if (Config.onoff.ie_refresh) {
+ if (http->flags.accel && request->flags.ims) {
+ if ((str = req_hdr->getStr(HDR_USER_AGENT))) {
+ if (strstr(str, "MSIE 5.01") != NULL)
+ no_cache++;
+ else if (strstr(str, "MSIE 5.0") != NULL)
+ no_cache++;
+ else if (strstr(str, "MSIE 4.") != NULL)
+ no_cache++;
+ else if (strstr(str, "MSIE 3.") != NULL)
+ no_cache++;
+ }
 } }
@@ -799,7 +791,6 @@ clientInterpretRequestHeaders(ClientHttpRequest * http)
 no_cache++; }
-#endif
 if (no_cache) {
 #if HTTP_VIOLATIONS
diff --git a/src/http.cc b/src/http.cc
index 8eef8db54c..98f26cfb22 100644
--- a/src/http.cc
+++ b/src/http.cc
@@ -1503,7 +1503,7 @@ HttpStateData::httpBuildRequestHeader(HttpRequest * request,
 }
 #if USE_SQUID_ESI
- {
+ if (orig_request->flags.accelerated) {
 /* Append Surrogate-Capabilities */ String strSurrogate (hdr_in->getList(HDR_SURROGATE_CAPABILITY)); snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0 ESI/1.0\"",
diff --git a/src/refresh.cc b/src/refresh.cc
index ea3199bf90..7891c34ee8 100644
--- a/src/refresh.cc
+++ b/src/refresh.cc
@@ -281,7 +281,7 @@ refreshCheck(const StoreEntry * entry, HttpRequest * request, time_t delta)
 } /* request-specific checks */
- if (request) {
+ if (request && !request->flags.ignore_cc) {
 HttpHdrCc *cc = request->cache_control; if (request->flags.ims && (R->flags.refresh_ims || Config.onoff.refresh_all_ims)) {
diff --git a/src/structs.h b/src/structs.h
index 4601e7c38c..fb20eb0f31 100644
--- a/src/structs.h
+++ b/src/structs.h
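Review bot: The new `if (!request->flags.ignore_cc)` gates more than Cache-Control: it also skips the `Pragma: no-cache` test and the `Config.onoff.ie_refresh` User-Agent workaround, while the text added to cf.data.pre only says "Ignore request Cache-Control headers". If that is intended, the cf.data.pre description should list all three (Cache-Control, Pragma: no-cache and the ie_refresh workaround); if not, the ie_refresh block at the end of this hunk should sit outside the `if`, with its closing braces adjusted accordingly in the `@@ -799` hunk. ESI builds previously ignored these headers unconditionally under the removed `#if USE_SQUID_ESI` branch, so existing ESI deployments now have to add `ignore-cc` to their accelerator port; that migration step is worth a line in the commit message or release notes. clientInterpretRequestHeaders starts and ends outside the hunk.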
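Review bot: Changing `if (request)` to `if (request && !request->flags.ignore_cc)` switches off the whole request-specific block, including the `refresh_ims` / `refresh_all_ims` handling on the very next line, which is unrelated to Cache-Control. A narrower gate keeps that behaviour and drops only the client's directives: leave `if (request) {` as it was and write `HttpHdrCc *cc = request->flags.ignore_cc ? NULL : request->cache_control;` — provided the remainder of the block, which lies outside the hunk, already checks `cc` for NULL before dereferencing it. refreshCheck continues past the end of the hunk.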
@@ -999,7 +999,7 @@ struct _iostats {
 struct request_flags {
- request_flags(): range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),intercepted(0),spoof_client_ip(0),internal(0),internalclient(0),must_keepalive(0),destinationIPLookedUp_(0) {
+ request_flags(): range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),ignore_cc(0),intercepted(0),spoof_client_ip(0),internal(0),internalclient(0),must_keepalive(0),destinationIPLookedUp_(0) {
 #if HTTP_VIOLATIONS
 nocache_hack = 0;
 #endif
@@ -1025,6 +1025,7 @@ unsigned int proxying:
 unsigned int nocache_hack:1; /* for changing/ignoring no-cache requests */
 #endif
 unsigned int accelerated:1;
+ unsigned int ignore_cc:1;
 unsigned int intercepted:1; /**< transparently intercepted request */ unsigned int spoof_client_ip:1; /**< spoof client ip if possible */ unsigned int internal:1;