Hi, the patch attached restores the functionality to replace reply headers as found in Squid 2 (header_replace worked for both request and reply headers back then) and updates the release notes as requested by Amos.
The patch is against HEAD. I'm also using it with Squid 3.1.11 where I had to s/IFDEF: USE_HTTP_VIOLATIONS/IFDEF: HTTP_VIOLATIONS/. In case a separate patch is needed, please let me know. Thanks, Marco P.S.: I'm not subscribed to squid-dev (only squid-users), please CC me when replying. ----- Forwarded message from Amos Jeffries <[email protected]> ----- Date: Fri, 18 Mar 2011 14:35:54 +1300 From: Amos Jeffries <[email protected]> To: [email protected] Subject: Re: [squid-users] Force Basic auth for Java applets [...] > * Created with 'bzr send'; never used bzr before, so I don't know > if this is the usual way to send patches around... For us it is accepted, merge/send or diff patches. Just needs to go to the squid-dev mailing list with an appropriate commit message. This type of bzr merge patch needs a [MERGE] on the subject line for the automatics. I've done the audit part for this, looks fine. I'll port this back to 3.1 stable as a regression fix, so the doc/release-notes/release-3.1.sgml file also needs updating as part of the patch (ignore the .html). Specifically; adding header_replace entry under changed config options to say its deprecated by request_header_replace. Along with entries for the two new names under added config options. Cheers. Amos ----- End forwarded message -----
# Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: [email protected] # target_branch: http://www.squid-cache.org/bzr/squid3/trunk/ # testament_sha1: b3104c744fd10b39fc67794b1b94d6ab3eee99b8 # timestamp: 2011-03-18 12:25:57 +0100 # base_revision_id: [email protected]\ # 0j6n99qbq3utm2an # # Begin patch === modified file 'doc/release-notes/release-3.1.sgml' --- doc/release-notes/release-3.1.sgml 2011-02-07 12:36:58 +0000 +++ doc/release-notes/release-3.1.sgml 2011-03-18 10:59:33 +0000 @@ -701,6 +701,22 @@ <p>Controls how many different forward paths Squid will try before giving up. Default: 10 + <tag>reply_header_replace</tag> + <p>This option allows you to change the contents of reply headers. + <verb> + In Squid 2 header_replace (now deprecated) worked for both requests + and replies, while in Squid 3 it only did respect request headers. + This option brings back the functionality to replace the contents of + reply headers. Consult the documentation for usage details. + + <tag>request_header_replace</tag> + <p>This option allows you to change the contents of request headers. + <verb> + To be consistent with the naming changes of header_access in Squid 3 + (header_access has been split into two options request_header_access + and reply_header_access), header_replace (now deprecated) is being + replaced by request_header_replace. + <tag>icap_log</tag> <p>New option to write ICAP log files record ICAP transaction summaries, one line per transaction. Similar to access.log. @@ -1091,6 +1107,9 @@ X-Forwarded-For entries, and place the client IP as the sole entry. </verb> + <tag>header_replace</tag> + <p>Deprecated. Use request_header_replace or reply_header_replace instead. + <tag>http_port transparent intercept ssl-bump connection-auth[=on|off] ignore-cc</tag> <p>Option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does. For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.</p> === modified file 'src/cf.data.pre' --- src/cf.data.pre 2011-03-15 17:39:36 +0000 +++ src/cf.data.pre 2011-03-18 11:23:34 +0000 @@ -4374,18 +4374,18 @@ performed). DOC_END -NAME: header_replace +NAME: request_header_replace header_replace IFDEF: USE_HTTP_VIOLATIONS TYPE: http_header_replace[] LOC: Config.request_header_access DEFAULT: none DOC_START - Usage: header_replace header_name message - Example: header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit) + Usage: request_header_replace header_name message + Example: request_header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit) This option allows you to change the contents of headers - denied with header_access above, by replacing them with - some fixed string. This replaces the old fake_user_agent + denied with request_header_access above, by replacing them + with some fixed string. This replaces the old fake_user_agent option. This only applies to request headers, not reply headers. @@ -4393,6 +4393,24 @@ By default, headers are removed if denied. DOC_END +NAME: reply_header_replace +IFDEF: USE_HTTP_VIOLATIONS +TYPE: http_header_replace[] +LOC: Config.reply_header_access +DEFAULT: none +DOC_START + Usage: reply_header_replace header_name message + Example: reply_header_replace Server Foo/1.0 + + This option allows you to change the contents of headers + denied with reply_header_access above, by replacing them + with some fixed string. + + This only applies to reply headers, not request headers. + + By default, headers are removed if denied. +DOC_END + NAME: relaxed_header_parser COMMENT: on|off|warn TYPE: tristate # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWUQ6h4IACytfgAQwUef//39n 3yq////wYA/HvfRFPR3agAAAAaJkIWU0K0rRtWyms2rVtaWlbBop6iGg0009QGjQAAAAaAAAI1UD 1PU8p+qAaaMmjQADQAaAAADjJk00wmRkDAjE0YIwg0aYABBEkQhR6p7Keian5JlHk01PTTFNNHpG amTEDRoEUpkp4mJpomnpT1MnkhqfpGp+ppDTyIaZqPUMQEUgQExGgmiaaMjSTRqDAnqbSD0mgxEB EEBAm3SNSNA9TCwRhHO5eH35XNklGLIMimhJ4bivOiEj0hd5HAUkwRxjCjTqztM1BaIPIWbmD2FB dcmoNBc3sD3Nj5MnE2xURpRLkYRLFhDJ1zKJYqi313C3gcnM3j3urRw5vzbAPmipv0SGxN+i7bTr ac52pIiDCmJEHEU4QCmIp7hIP5r/Ogx3oeVX4DcYjGEIEmH7i7bXHICX02SyeJNVrVhJb5FExuTX fmykd/CmRxkzpexfrOZdju+ZqK2HiaMGWPIFxr6BYc0M2HYGzAeeKL7GAGAfcEzGlIleSUi3j4rZ a2tfNMMt8ahMNjBgiCDZwTHGUVtkvrjvYMVqMuWGTgFMkIIDLGSzjTjPlkMhpUzDKZrif0KcA8zK 4yyc+YydGYqtEL6PAOeEhISEhIEbBfTgE6g0XG29ci/QLxfccK5QGmtJ7aBLTeQ+fz6d/j4H2ndy 8buZ5L5rmmf/nJPZpB6W3hrEo2jWIz28NuOnJMeBSUiMmatclSlxHTykCBGZoWZoApgJIERFMAdA iH8IDxOXQ0LB41CU02HqMxO30SQle5/e/k1EmMAj1SP6mma79UPQocWokhNSqey3CVEsvi2E+HFP SvAm7FKU6R/nNtFiOeAaOfDCcmfKu5WtEC7zrDuVubG+dJBtV8CdVu/DZz56qqqqqqqSqqu4F0wT pPKc+/yNzUKG7H5x4LfqJall+DcHrYCcjqdjAuEoghi3wTIXXECoJuLpQlyZiAIUYTbmW1YCSGp9 U3E7GJgTKqSi1wlR46UMsDIvJ1YLyhhWxUmckaYkjUsYnsSJEyRkXEHF+/AoTOK/vGCBloJmNFPY S3G+9OiOzWCSBxoNNgf2Bj2aCYAn4yAQ4mRRCXQz56HQnl2xMF0QQ3LTEpA70Jifq/DwNimptIZd BNO5o89VcN41unO+6+eFtaLYzxxNVxOeBckgKnOJbIw5iRtYyyYQqSgjxMaMQJrsV40EWxdS88My mZmDhh4K5l96OxgWMTM3NjMJFOXOhmYn2EhcW7n1bt+n9qXDuChghgcikxKwUTA6kjlPQmliycgC o3pHFNy+aPkJ/Ve3c5mhZxzE8hJVujgcxNSDXtzTczslwkkvIExMOKTRNDgftHmJ0KBUqdbiOR1K HM8F/TITu4bF+MT4lJQROu1HlHJC9OeJpVTG6B7YsjkEiWf3IQqBfMyPPoONE0DND4EFRuNCowYH MyMAOVi9OpcJj4rS22EjmDDTZJSdS0zCEpFY7ruVCpeaHA0NG8TidRv1680uTThSueQyWol4lLyU heZwGxY4GNTkJqMywl5cckYiWgkmgTEg4Fxicr9IU38dCZucD6foiBghNzQxISxloaDkjQmbmRqX idihIgqSJGJzPRCDzT9QmqBh9R78MwjaQZalJwdUKwmdrdiC9e52OmRBcWS44HhTPKudehcYdkzL s0oVMzI6hY5SO6SLyCxqWQ5FDIzJmutW48CuuxmJxMtvPUsTOKFcTTSpMuNi89V9H3SmXFzl15CZ 7xyuhZicCqQh2mJPrjfSAxUuOt0iwkig5HxHtYsZ9j0M281Njt27GJ8TkXmd9DwF0KliDgTJHA8S 8oSLg9R/tdl0l0wjBk8exmJcJoZl7cpUNrpGAX5YHzEvwOZdi9C+DQ5mRkF1pGBeXlSZyJkxILGR YA1BLGBcUDIgg/QJ3mlKl+gbJOdOJmJTYgqPAuPCYI2dSRofRMuNhryixBOukjYUlTokTLQqKiKI JF62VhiZSJGwxNLiRIkcxPq/BC6+3QdJnLhyPl06HIgMsCSYiboZFKNEmJkSKJQsSmJmkq4HOgmG JuWuyMioTmroULzuN5zMC42NT6tDYmZD7CZCYB8X5PyfgwTIgisL4XNBauvEAhGASV6NKTIRKf5M Be9E61hbmAT3MC/osAFJp6FmCSLMhYFdi1Swibkom2MjIyDISFoJ1u06R7RkXrXqWy5LS3hIlaws m6GCK3kXQiB7Hevb4h0Pi7nLgXGwCIGACIgIjf7F2/u/0+BA2Uhe2tiEzvdwS+Y/6/NuL4zj/bec jW/V5WvQzfq7j/A510lIXtTcbHEcB4n2cHkucnB0s0z/ZudbW2P2cXmNcRHOUaCZNNrl5Z8DmeJ+ jreBjuepH0dJCEjIQIQkhGTocydIJLUxKRMAshA6oo+f4Y5pCEhGDkfIaVnrPyO0h6T1GRnRoiP6 nadx3HvNYQ9Yew9nGHi41M57gQ252go1YzIvIUAvdd5BaOSpsRLyXdqNvdpGgQkiBVf7h0HBbex4 AZ2EqVCwnw/asw6gJfLcdVd1ekQGmUhOIflw6hFxU6n+35Ei83F4UDznxN5Ubyg6Skmd3hpMDXyH SVGc1GY5OZECDQsUIJEFPyK+QeZh+Y7LWvt+azT/JR5JwLt9gfIzNw+1rVKHgQHU8TuYlDm5nino J4nApwiQ0mqgTxxgkDIi1sp41Nid6ROh7r79wLnwgMlgoskQMBLYr/yt6BuJsXW/62cWn3kVgfGR SYGsMhNJDeiB4nqeB51v+BUgwXUTc8iCh8yxqai5toMwS4ovkGxiZqBLUzJvRX3wPQwP2XG5ciBs VMj5BtD1HolLdQCcBylbyN2viO4r5bYnC0Dp51pB5j9glVJxMJ/KD9NIl6hhWsVlePvSyc+i24BC kxJCrTJurtZaSY+sT0nDhfPLfdsv9FB0nASpsfeZHuZGeBLO+KeudOEuRmYkHqQZhkXBuFz9yeKx 5I1F3MYA8lhubxqieh4Fu4IFI3BtTI7F8yIG263oCjLiHAMsCgIKMjUd89QCoYz7jRNwhOoFgOHU M6j22RJrYAH35MpUuZF9uK0pYigXO0tYEnAC/6FstiOYSicC5TU4CHsKQseYGVVFkXKHVCy/XAIX khHxyVg8z0PmJ6HiV+n08yhceYliZMvKmJQ3LjYkXl5U+pqHueYwYFJvV1IzOZPEbOIwJ7RJ4ki6 FcjlWimkjRAoNzQWbL5xLkuNWLIJ2Fy4nKyvotXmU8i5Cdq5MrBGAL9glQsmWH4geMqISMYjIHti UCYh9/tFma76RNoJibPMiBHNfd+cIGagQzAvS4XALI+in4QjtpFpDHtRPPhu0Yhimaxs6VrWS2gb FgYBGGgzi8VFnjPOaxM610+40hWMvS+tfQN295gH2Sua91oiB2HqdvJEoJofJC9nMEv7BOICcDqF oCBu74DiJMc4HnXmGqhOtZLsE1JUiWBtHanoZcyv1XvO0I9TBQEphQSmFBKIU0UUEphTNia0DVzB NepdQv/IgcnlF2Ni9iwhNEDAIW9GAsh7Vw/nBIQulYmhAeolhmKnzDUWq22kyRKsQv44LYmlFKgR 1WoFy1TEC3UY3ZLAxcrWRIRBIiZl4uZeviA64GS2HPqRA5zOhYQfr1BWvWhnEQ6Xgt8WZJgVaL/R o7RIC4id/fRpk1om+1siv3TRMB9mv9h5ZBrCk9Q7ROInRSvBtbNC9a0X6gn53I4mol8AvyASgcQl SESVQz5qzS1bRYWwXuE9X5vKhpHvHzCXiWqn4uwJIypBI1Eg4oQqM0TFbytC5JXKawTgXpQ8fbsh SYgJcEqA8lAzxlCfSXvks4Rog2L71oHMsKkkNLoI+8TGV2AbMQCi2sFwROc91C4wXFYeyyJbP0ek jSwGXx6/eY2L5QP0oLE1rH2HELq4hUh+sDXkJddAsWZB5OcKFtkegSjw4Y0Z4QqrFHRPI0jwo6lF 3qHpNAJuDKb0/F5F0cpAkITjYRcs+1kTAK1nBtBuNx4HrB2rQkF4HOh9HyrNcwuYArHoBkrfvd7b UtXIeStZyCKL2XUxByXUJwMxCVdxZi/IDCCIOUGOY1RumiQiZPZZhM+KykiY/K8mCXrJjhsW2pZw vaaBgPgJ10aRIOwVN64TDnPBfpXsJ5Z6Pqde35D/Q4P4J9lwA7omp6HoouhhgU8gm0x4hOR9vIJl lNnrgfgdkovPCPxD0iZw9uhQziTDwCMVgcy9SRJcUoWasluHSJyrnBOnflrcVoGHQAfkJLH/xdyR ThQkEQ6h4IA=
