This patch is generated from the acl_work branch of HEAD in squid
Mon Jan 26 12:58:47 2004 GMT
See http://devel.squid-cache.org/

Index: squid/src/client_side.c
diff -u squid/src/client_side.c:1.18 squid/src/client_side.c:1.18.2.1
--- squid/src/client_side.c:1.18	Sun Feb 11 12:08:03 2001
+++ squid/src/client_side.c	Tue Feb 13 06:16:19 2001
@@ -1695,6 +1695,33 @@
     return 0;
 }
 
+
+/* Responses with no body will not have a content-type header, 
+ * which breaks the rep_mime_type acl, which
+ * coincidentally, is the most common acl for reply access lists.
+ * A better long term fix for this is to allow acl matchs on the various
+ * status codes, and then supply a default ruleset that puts these 
+ * codes before any user defines access entries. That way the user 
+ * can choose to block these responses where appropriate, but won't get
+ * mysterious breakages.
+ */
+static int
+clientAlwaysAllowResponse(http_status sline) {
+    switch (sline) {
+	case HTTP_CONTINUE:
+	case HTTP_SWITCHING_PROTOCOLS:
+	case HTTP_PROCESSING:
+	case HTTP_NO_CONTENT:
+	case HTTP_NOT_MODIFIED:
+	    return 1;
+	    /* unreached */
+	    break;
+	default:
+	    return 0;
+    }
+}
+
+
 /*
  * accepts chunk of a http message in buf, parses prefix, filters headers and
  * such, writes processed message to the client's socket
@@ -1776,10 +1803,10 @@
 		RequestMethodStr[http->request->method], http->uri,
 		rv ? "ALLOWED" : "DENIED",
 		AclMatchedName ? AclMatchedName : "NO ACL's");
-	    if (!rv && rep->sline.status!=HTTP_FORBIDDEN) {
-		/* the if above is slightly broken( 403 responses from upstream
-		 * will always be permitted, but AFAIK there is no way
-		 * to tell if this is a squid generated error page, or one from 
+	    if (!rv && rep->sline.status != HTTP_FORBIDDEN 
+		&& !clientAlwaysAllowResponse(rep->sline.status)) {
+		/* the if above is slightly broken, but there is no way
+		 * to tell if this is a squid generated error page, or one from
 		 * upstream at this point. */
 		ErrorState *err;
 		err = errorCon(ERR_ACCESS_DENIED, HTTP_FORBIDDEN);
squid-acl_work-HEAD.new squid-acl_work-HEAD differ: char 67, line 2