1 /* 2 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors 3 * 4 * Squid software is distributed under GPLv2+ license and includes 5 * contributions from numerous individuals and organizations. 6 * Please see the COPYING and CONTRIBUTORS files for details. 7 */ 8 9 /* DEBUG: section 73 HTTP Request */ 10 11 #ifndef SQUID_REQUESTFLAGS_H_ 12 #define SQUID_REQUESTFLAGS_H_ 13 14 /** request-related flags 15 * 16 * Contains both flags marking a request's current state, 17 * and flags requesting some processing to be done at a later stage. 18 * TODO: better distinguish the two cases. 19 */ 20 class RequestFlags 21 { 22 public: 23 /** true if the response to this request may not be READ from cache */ 24 bool noCache = false; 25 /** request is if-modified-since */ 26 bool ims = false; 27 /** request is authenticated */ 28 bool auth = false; 29 /** do not use keytabs for peer Kerberos authentication */ 30 bool auth_no_keytab = false; 31 /** he response to the request may be stored in the cache */ 32 bool cachable = false; 33 /** the request can be forwarded through the hierarchy */ 34 bool hierarchical = false; 35 /** a loop was detected on this request */ 36 bool loopDetected = false; 37 /** the connection can be kept alive */ 38 bool proxyKeepalive = false; 39 /* this should be killed, also in httpstateflags */ 40 bool proxying = false; 41 /** content has expired, need to refresh it */ 42 bool refresh = false; 43 /** request was redirected by redirectors */ 44 bool redirected = false; 45 /** the requested object needs to be validated. See client_side_reply.cc 46 * for further information. 47 */ 48 bool needValidation = false; 49 /** whether we should fail if validation fails */ 50 bool failOnValidationError = false; 51 /** reply is stale if it is a hit */ 52 bool staleIfHit = false; 53 /** request to override no-cache directives 54 * 55 * always use noCacheHack() for reading. 56 * \note only meaningful if USE_HTTP_VIOLATIONS is defined at build time 57 */ 58 bool nocacheHack = false; 59 /** this request is accelerated (reverse-proxy) */ 60 bool accelerated = false; 61 /** if set, ignore Cache-Control headers */ 62 bool ignoreCc = false; 63 /** set for intercepted requests */ 64 bool intercepted = false; 65 /** set if the Host: header passed verification */ 66 bool hostVerified = false; 67 /// Set for requests handled by a "tproxy" port. 68 bool interceptTproxy = false; 69 /// The client IP address should be spoofed when connecting to the web server. 70 /// This applies to TPROXY traffic that has not had spoofing disabled through 71 /// the spoof_client_ip squid.conf ACL. 72 bool spoofClientIp = false; 73 /** set if the request is internal (\see ClientHttpRequest::flags.internal)*/ 74 bool internal = false; 75 /** if set, request to try very hard to keep the connection alive */ 76 bool mustKeepalive = false; 77 /** set if the rquest wants connection oriented auth */ 78 bool connectionAuth = false; 79 /** set if connection oriented auth can not be supported */ 80 bool connectionAuthDisabled = false; 81 // XXX This is set in clientCheckPinning but never tested 82 /** Request wants connection oriented auth */ 83 bool connectionProxyAuth = false; 84 /** set if the request was sent on a pinned connection */ 85 bool pinned = false; 86 /** Authentication was already sent upstream (e.g. due tcp-level auth) */ 87 bool authSent = false; 88 /** Deny direct forwarding unless overriden by always_direct 89 * Used in accelerator mode */ 90 bool noDirect = false; 91 /** Reply with chunked transfer encoding */ 92 bool chunkedReply = false; 93 /** set if stream error has occurred */ 94 bool streamError = false; 95 /** internal ssl-bump request to get server cert */ 96 bool sslPeek = false; 97 /** set if X-Forwarded-For checking is complete 98 * 99 * do not read directly; use doneFollowXff for reading 100 */ 101 bool done_follow_x_forwarded_for = false; 102 /** set for ssl-bumped requests */ 103 bool sslBumped = false; 104 /// carries a representation of an FTP command [received on ftp_port] 105 bool ftpNative = false; 106 bool destinationIpLookedUp = false; 107 /** request to reset the TCP stream */ 108 bool resetTcp = false; 109 /** set if the request is ranged */ 110 bool isRanged = false; 111 112 /// whether to forward via TunnelStateData (instead of FwdState) 113 bool forceTunnel = false; 114 115 /** clone the flags, resetting to default those which are not safe in 116 * a related (e.g. ICAP-adapted) request. 117 */ 118 RequestFlags cloneAdaptationImmune() const; 119 120 // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done". doneFollowXff()121 bool doneFollowXff() const { 122 return done_follow_x_forwarded_for || !FOLLOW_X_FORWARDED_FOR; 123 } 124 125 // if USE_HTTP_VIOLATIONS is not set, never allow this noCacheHack()126 bool noCacheHack() const { 127 return USE_HTTP_VIOLATIONS && nocacheHack; 128 } 129 }; 130 131 #endif /* SQUID_REQUESTFLAGS_H_ */ 132 133