1 /*
2  * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 73    HTTP Request */
10 
11 #ifndef SQUID_REQUESTFLAGS_H_
12 #define SQUID_REQUESTFLAGS_H_
13 
14 /** request-related flags
15  *
16  * Contains both flags marking a request's current state,
17  * and flags requesting some processing to be done at a later stage.
18  * TODO: better distinguish the two cases.
19  */
20 class RequestFlags
21 {
22 public:
23     /** true if the response to this request may not be READ from cache */
24     bool noCache = false;
25     /** request is if-modified-since */
26     bool ims = false;
27     /** request is authenticated */
28     bool auth = false;
29     /** do not use keytabs for peer Kerberos authentication */
30     bool auth_no_keytab = false;
31     /** he response to the request may be stored in the cache */
32     bool cachable = false;
33     /** the request can be forwarded through the hierarchy */
34     bool hierarchical = false;
35     /** a loop was detected on this request */
36     bool loopDetected = false;
37     /** the connection can be kept alive */
38     bool proxyKeepalive = false;
39     /* this should be killed, also in httpstateflags */
40     bool proxying = false;
41     /** content has expired, need to refresh it */
42     bool refresh = false;
43     /** request was redirected by redirectors */
44     bool redirected = false;
45     /** the requested object needs to be validated. See client_side_reply.cc
46      * for further information.
47      */
48     bool needValidation = false;
49     /** whether we should fail if validation fails */
50     bool failOnValidationError = false;
51     /** reply is stale if it is a hit */
52     bool staleIfHit = false;
53     /** request to override no-cache directives
54      *
55      * always use noCacheHack() for reading.
56      * \note only meaningful if USE_HTTP_VIOLATIONS is defined at build time
57      */
58     bool nocacheHack = false;
59     /** this request is accelerated (reverse-proxy) */
60     bool accelerated = false;
61     /** if set, ignore Cache-Control headers */
62     bool ignoreCc = false;
63     /** set for intercepted requests */
64     bool intercepted = false;
65     /** set if the Host: header passed verification */
66     bool hostVerified = false;
67     /// Set for requests handled by a "tproxy" port.
68     bool interceptTproxy = false;
69     /// The client IP address should be spoofed when connecting to the web server.
70     /// This applies to TPROXY traffic that has not had spoofing disabled through
71     /// the spoof_client_ip squid.conf ACL.
72     bool spoofClientIp = false;
73     /** set if the request is internal (\see ClientHttpRequest::flags.internal)*/
74     bool internal = false;
75     /** if set, request to try very hard to keep the connection alive */
76     bool mustKeepalive = false;
77     /** set if the rquest wants connection oriented auth */
78     bool connectionAuth = false;
79     /** set if connection oriented auth can not be supported */
80     bool connectionAuthDisabled = false;
81     // XXX This is set in clientCheckPinning but never tested
82     /** Request wants connection oriented auth */
83     bool connectionProxyAuth = false;
84     /** set if the request was sent on a pinned connection */
85     bool pinned = false;
86     /** Authentication was already sent upstream (e.g. due tcp-level auth) */
87     bool authSent = false;
88     /** Deny direct forwarding unless overriden by always_direct
89      * Used in accelerator mode */
90     bool noDirect = false;
91     /** Reply with chunked transfer encoding */
92     bool chunkedReply = false;
93     /** set if stream error has occurred */
94     bool streamError = false;
95     /** internal ssl-bump request to get server cert */
96     bool sslPeek = false;
97     /** set if X-Forwarded-For checking is complete
98      *
99      * do not read directly; use doneFollowXff for reading
100      */
101     bool done_follow_x_forwarded_for = false;
102     /** set for ssl-bumped requests */
103     bool sslBumped = false;
104     /// carries a representation of an FTP command [received on ftp_port]
105     bool ftpNative = false;
106     bool destinationIpLookedUp = false;
107     /** request to reset the TCP stream */
108     bool resetTcp = false;
109     /** set if the request is ranged */
110     bool isRanged = false;
111 
112     /// whether to forward via TunnelStateData (instead of FwdState)
113     bool forceTunnel = false;
114 
115     /** clone the flags, resetting to default those which are not safe in
116      *  a related (e.g. ICAP-adapted) request.
117      */
118     RequestFlags cloneAdaptationImmune() const;
119 
120     // if FOLLOW_X_FORWARDED_FOR is not set, we always return "done".
doneFollowXff()121     bool doneFollowXff() const {
122         return done_follow_x_forwarded_for || !FOLLOW_X_FORWARDED_FOR;
123     }
124 
125     // if USE_HTTP_VIOLATIONS is not set, never allow this
noCacheHack()126     bool noCacheHack() const {
127         return USE_HTTP_VIOLATIONS && nocacheHack;
128     }
129 };
130 
131 #endif /* SQUID_REQUESTFLAGS_H_ */
132 
133