Hello,
The attached patch implements reply_header_add, for adding HTTP
headers to reply objects as they're sent to the client.
This work is submitted on behalf of Bloomberg L.P.
Thank you,
Nathan.
Implement reply_header_add, the HTTP reply equivalent of request_header_add.
This work is submitted on behalf of Bloomberg L.P.
=== modified file 'src/SquidConfig.h'
--- src/SquidConfig.h 2016-03-12 20:27:35 +0000
+++ src/SquidConfig.h 2016-03-14 23:38:41 +0000
@@ -463,6 +463,8 @@
HeaderManglers *reply_header_access;
///request_header_add access list
HeaderWithAclList *request_header_add;
+ ///reply_header_add access list
+ HeaderWithAclList *reply_header_add;
///note
Notes notes;
char *coredump_dir;
=== modified file 'src/cf.data.pre'
--- src/cf.data.pre 2016-03-12 20:27:35 +0000
+++ src/cf.data.pre 2016-03-14 23:38:41 +0000
@@ -6102,6 +6102,46 @@
only.
DOC_END
+NAME: reply_header_add
+TYPE: HeaderWithAclList
+LOC: Config.reply_header_add
+DEFAULT: none
+DOC_START
+ Usage: reply_header_add field-name field-value acl1 [acl2] ...
+ Example: reply_header_add X-Client-CA "CA=%ssl::>cert_issuer" all
+
+ This option adds header fields to incoming HTTP responses (i.e., response
+ headers delivered by Squid to the client). The option has no effect during
+ cache hit detection. The equivalent adaptation vectoring point in ICAP
+ terminology is post-cache RESPMOD.
+
+ Field-name is a token specifying an HTTP header name. If a
+ standard HTTP header name is used, Squid does not check whether
+ the new header conflicts with any existing headers or violates
+ HTTP rules. If the request to be modified already contains a
+ field with the same name, the old field is preserved but the
+ header field values are not merged.
+
+ Field-value is either a token or a quoted string. If quoted
+ string format is used, then the surrounding quotes are removed
+ while escape sequences and %macros are processed.
+
+ In theory, all of the logformat codes can be used as %macros.
+ However, unlike logging (which happens at the very end of
+ transaction lifetime), the transaction may not yet have enough
+ information to expand a macro when the new header value is needed.
+ And some information may already be available to Squid but not yet
+ committed where the macro expansion code can access it (report
+ such instances!). The macro will be expanded into a single dash
+ ('-') in such cases. Not all macros have been tested.
+
+ One or more Squid ACLs may be specified to restrict header
+ injection to matching requests. As always in squid.conf, all
+ ACLs in an option ACL list must be satisfied for the insertion
+ to happen. The request_header_add option supports fast ACLs
+ only.
+DOC_END
+
NAME: note
TYPE: note
LOC: Config.notes
=== modified file 'src/client_side_reply.cc'
--- src/client_side_reply.cc 2016-03-11 18:00:51 +0000
+++ src/client_side_reply.cc 2016-03-14 23:38:41 +0000
@@ -1303,6 +1303,9 @@
return result;
}
+//Declared in HttpHeaderTools.cc
+void httpHdrAdd(HttpHeader *heads, HttpRequest *request, const AccessLogEntryPointer &al, HeaderWithAclList &headers_add);
+
/**
* Generate the reply headers sent to client.
*
@@ -1579,6 +1582,9 @@
}
httpHdrMangleList(hdr, request, ROR_REPLY);
+
+ if (Config.reply_header_add && !Config.reply_header_add->empty())
+ httpHdrAdd(hdr, request, http->al, *Config.reply_header_add);
}
void
_______________________________________________
squid-dev mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-dev
