This patch is generated from the acl_work branch of HEAD in squid Mon Jan 26 12:58:47 2004 GMT See http://devel.squid-cache.org/ Index: squid/src/client_side.c diff -u squid/src/client_side.c:1.18 squid/src/client_side.c:1.18.2.1 --- squid/src/client_side.c:1.18 Sun Feb 11 12:08:03 2001 +++ squid/src/client_side.c Tue Feb 13 06:16:19 2001 @@ -1695,6 +1695,33 @@ return 0; } + +/* Responses with no body will not have a content-type header, + * which breaks the rep_mime_type acl, which + * coincidentally, is the most common acl for reply access lists. + * A better long term fix for this is to allow acl matchs on the various + * status codes, and then supply a default ruleset that puts these + * codes before any user defines access entries. That way the user + * can choose to block these responses where appropriate, but won't get + * mysterious breakages. + */ +static int +clientAlwaysAllowResponse(http_status sline) { + switch (sline) { + case HTTP_CONTINUE: + case HTTP_SWITCHING_PROTOCOLS: + case HTTP_PROCESSING: + case HTTP_NO_CONTENT: + case HTTP_NOT_MODIFIED: + return 1; + /* unreached */ + break; + default: + return 0; + } +} + + /* * accepts chunk of a http message in buf, parses prefix, filters headers and * such, writes processed message to the client's socket @@ -1776,10 +1803,10 @@ RequestMethodStr[http->request->method], http->uri, rv ? "ALLOWED" : "DENIED", AclMatchedName ? AclMatchedName : "NO ACL's"); - if (!rv && rep->sline.status!=HTTP_FORBIDDEN) { - /* the if above is slightly broken( 403 responses from upstream - * will always be permitted, but AFAIK there is no way - * to tell if this is a squid generated error page, or one from + if (!rv && rep->sline.status != HTTP_FORBIDDEN + && !clientAlwaysAllowResponse(rep->sline.status)) { + /* the if above is slightly broken, but there is no way + * to tell if this is a squid generated error page, or one from * upstream at this point. */ ErrorState *err; err = errorCon(ERR_ACCESS_DENIED, HTTP_FORBIDDEN); squid-acl_work-HEAD.new squid-acl_work-HEAD differ: char 67, line 2