# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20080510083403-yvh2hcg32si37mn2
# target_branch: file:///src/squid/bzr/trunk/
# testament_sha1: 949caa2b1f93b51639403fe51a3b280739dfcf85
# timestamp: 2008-05-10 20:38:06 +1200
# message: bug2223
# base_revision_id: squid3@treenet.co.nz-20080509142720-\
#   2poblnlbjozuatb2
# 
# Begin patch
=== modified file 'src/AuthUser.cci'
--- src/AuthUser.cci	2008-05-09 14:13:10 +0000
+++ src/AuthUser.cci	2008-05-10 08:34:03 +0000
@@ -37,6 +37,8 @@
 #include "assert.h"
 /* for xstrdup() */
 #include "util.h"
+/* for safe_free() */
+#include "defines.h"
 
 char const *
 AuthUser::username () const

=== modified file 'src/cf.data.pre'
--- src/cf.data.pre	2008-05-02 10:59:20 +0000
+++ src/cf.data.pre	2008-05-10 08:34:03 +0000
@@ -5453,20 +5453,28 @@
 DOC_END
 
 NAME: forwarded_for
-COMMENT: on|off
-TYPE: onoff
+COMMENT: on|off|transparent|truncate|delete
+TYPE: string
 DEFAULT: on
 LOC: opt_forwarded_for
 DOC_START
-	If set, Squid will include your system's IP address or name
-	in the HTTP requests it forwards.  By default it looks like
-	this:
+	If set to "on", Squid will append your client's IP address
+	in the HTTP requests it forwards. By default it looks like:
 
 		X-Forwarded-For: 192.1.2.3
 
-	If you disable this, it will appear as
+	If set to "off", it will appear as
 
 		X-Forwarded-For: unknown
+
+	If set to "transparent", Squid will not alter the
+	X-Forwarded-For header in any way.
+
+	If set to "delete", Squid will delete the entire
+	X-Forwarded-For header.
+
+	If set to "truncate", Squid will remove all existing
+	X-Forwarded-For entries, and place itself as the sole entry.
 DOC_END
 
 NAME: cachemgr_passwd

=== modified file 'src/globals.h'
--- src/globals.h	2008-04-08 13:14:49 +0000
+++ src/globals.h	2008-05-10 08:34:03 +0000
@@ -97,7 +97,7 @@
     extern int opt_debug_stderr;	/* -1 */
     extern int opt_dns_tests;	/* 1 */
     extern int opt_foreground_rebuild;	/* 0 */
-    extern int opt_forwarded_for;	/* 1 */
+    extern char *opt_forwarded_for;	/* NULL */
     extern int opt_reload_hit_only;	/* 0 */
 #if HAVE_SYSLOG
 

=== modified file 'src/http.cc'
--- src/http.cc	2008-04-19 04:49:16 +0000
+++ src/http.cc	2008-05-10 08:34:03 +0000
@@ -1371,8 +1371,9 @@
     /* building buffer for complex strings */
 #define BBUF_SZ (MAX_URL+32)
     LOCAL_ARRAY(char, bbuf, BBUF_SZ);
+    LOCAL_ARRAY(char, ntoabuf, MAX_IPSTRLEN);
     const HttpHeader *hdr_in = &orig_request->header;
-    const HttpHeaderEntry *e;
+    const HttpHeaderEntry *e = NULL;
     String strFwd;
     HttpHeaderPos pos = HttpHeaderInitPos;
     assert (hdr_out->owner == hoRequest);
@@ -1423,9 +1424,39 @@
     }
 #endif
 
-    /* append X-Forwarded-For */
+#if 1 /* new code */
     strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
 
+    /** \pre Handle X-Forwarded-For */
+    if(strcmp(opt_forwarded_for, "delete") != 0) {
+        if(strcmp(opt_forwarded_for, "on") == 0) {
+            /** If set to ON - append client IP or 'unknown'. */
+            strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
+            if( orig_request->client_addr.IsNoAddr() )
+                strListAdd(&strFwd, "unknown", ',');
+            else
+                strListAdd(&strFwd, orig_request->client_addr.NtoA(ntoabuf, MAX_IPSTRLEN), ',');
+        } else if(strcmp(opt_forwarded_for, "off") == 0) {
+            /** If set to OFF - append 'unknown'. */
+            strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
+            strListAdd(&strFwd, "unknown", ',');
+        } else if(strcmp(opt_forwarded_for, "transparent") == 0) {
+            /** If set to TRANSPARENT - pass through unchanged. */
+            strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
+        } else if(strcmp(opt_forwarded_for, "truncate") == 0) {
+            /** If set to TRUNCATE - drop existing list and replace with client IP or 'unknown'. */
+            if( orig_request->client_addr.IsNoAddr() )
+                strFwd = "unknown";
+            else
+                strFwd = orig_request->client_addr.NtoA(ntoabuf, MAX_IPSTRLEN);
+        }
+        if(strFwd.size() > 0)
+            hdr_out->putStr(HDR_X_FORWARDED_FOR, strFwd.buf());
+    }
+    /** If set to DELETE - do not copy through. */
+
+#else
+
     if (opt_forwarded_for && !orig_request->client_addr.IsNoAddr()) {
         orig_request->client_addr.NtoA(bbuf,MAX_IPSTRLEN);
         strListAdd(&strFwd, bbuf, ',');
@@ -1435,6 +1466,7 @@
 
     hdr_out->putStr(HDR_X_FORWARDED_FOR, strFwd.buf());
 
+#endif
     strFwd.clean();
 
     /* append Host if not there already */

# Begin bundle
IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWfJS5BsABSxfgER0eff//393
3uS////+YAnOCz4O6ZQp0GidlapRpamFNtIwkkgm0pghvUIzSniZRhppHk9UxNpPJDQepoDQCVEm
MmQZU9TxRo0ABoAxGhoAAAAHMJoDQGjRhGgxGmJkxNBhGgZAMmAkRE0I1FPamyBlJ7Snp6KDyjEa
ZDQPUaPUAGnqHMJoDQGjRhGgxGmJkxNBhGgZAMmAkkCAACTJo0U9GhppT2qep6NpqZqninplNPSM
anlEohYJRELbjZrPG5haLgvxYmPGKdseWpXGre6MLlirYrba23Q4Onwmi3t+n/QDBm2kNONLeixX
HPwKiGqvdlwmLvrcsWdLSFvhuM3ITOGGe1LpoO6nt5hJIsJLLPn4RttsbGfBqhU9k7COC84fRa6Q
plPn9Pynrx50ewNIMbQNtg+XQj9+9I8n9brYsOZ63zs5/PW6l2KramPVFL4vna78KnRTGJl3uGTj
aJNmthzI18/VU38LGhDsaddqESTEsGJNe2IeaZnXj7esbLgJpH78nlG/VkGG2hgsSQnxAFT6vfUb
KqmxEoWkPgHLYvHURQ1xRtSiZxYxTHUT2HEKe+YKnrJxMkQZCRUCBEyKWzxgSINEpDGJkJcT3VpS
qduR/Sbf4enh09nilKDpujyW0hKdg8dVsoVOu0we5MOGH8aFCV3PAWIMDAyQyDzh93cFPRu3qKgm
VjKJcpFo+Kf9Jd50okK+BryWpgaCG7DkbwHzZjxo9LMBSkdF6MiistTJRaMaKVOjkzLzgJxzmMTn
NyQcwQTG0Nya1L6JN9/KLN0mAxyCw3cLbL7eKGar77BXYoWQInjVgzAj8KOhBqyXvZqBnI5A70cE
KApzQcHCzxFxkA3jdSlBUC4rLJEhgpLvdFYFwFxtwL6E+g2dgoJQFaEnIDCyQYJgngZgklFrGckT
n8HQ4/tkYOZJU1vwYpiQBUmFxOP8Xxk+VN2Y8nykKJiVopRvRB4yagav0XPLCU9BNM1RP23lpkZw
6J0CIoiTb/j4zMaTObjH3s+U8ZJLNONYqIy0mVMkI2GelBPxwfEVYwoCd6njgoFM821+U12tUMpF
DrQeTEI6CkaCqScb8yctJGoKtPBfWvSt073llAsgVk0xItB+JF4omQJxIFQbiRgYikNXB6InKCrO
UmGBFxgVl5EqulAxrQ7wUhKMbESsiBQVJ4qKDNCrUkuVGDZJACLx47FE3FYQIG8XUMXWU533FZSR
JWokwKziO0WpgKau8cgkVVEh44eajVc1rjeaDH4AXRpZRS5d0rERwvKHzCZxULx7bVYnGSWxEpID
hh5uguywyMGad5cUBSDF+sVQYjEWfe0p1eKQRHkxkTlZxuBSFbVmUOpYHfYuBDiJ9xNEgJQGcPHj
mxGUCBjSXx137z2GtzYFJldtYVlbA/kLwfLieYDpziI12CdxDg2LQeUStETl5EiaXF8W7/74BS0+
QrRPyRihR8np97I3MuY7FeyD3Ma/p9YQjyaDS2PAgjKOJjbbO0GKwb3qR19U2gtJz4dQGAI7D9e7
6h8PtD+FHJTFJUbAYZk3Ptv/n3RpCH7hMHhL5fujmU97uP9bMwLNglER8QecGCK99jJmZ6PaNUWL
D/p7/lxq1TrHAnU8ziJwKyt/I2YH8rj/3vlZBTRkiE3Icga+ZZkuGTgvvrnT18SsZ+5hU5Gx8oYh
jPDvh3pXhvh1pMW1G5QGxSk57gv2eOokORpGR2HSHMdZSdBXO+MzrrO5e/noC8PAyWqUoFKY10ZG
koczHPqQB4nVfm7vALgCKb/C3r4J+YUMd/b6qqj3TEjBThyHKc7GBccDkXuNxo4nMPmVFRWtNVdl
AIffBjiNZbNh5x5A2DHEGAkNTiLxTrnKRnY8zXFILkr1bd+eapjBbAlqjW8EVH9MVDoQ9uuFik+X
UrlcIdXqOM5rIqCLxSJuh6ROlYuYmPOjIXHw5tEllv/84cphXXIYhmLeDh340j31srR98V5Ij8FB
KVl4ydTMCbaZFXsqVJwly9JpIfj123zm0oOQ5T523GxjrR1FGTBm2YQSxNEeaJn7Nhs0Avpck406
nIQ/7Nawtx9focFMZ3KsAjcUTQwqbEwhJYGoZinxzDl4heuRk208AM0yFEEZK8T5JEM4WKpB5KXV
ES/vQujcolzCZVLacRtP6lcTlJFmFtZ4TsHHnKh49EKC9WlReimH0DzBqEGt+Lj8UmTv2eJ7Wy/0
6Y2Mm0BVgzbyCTSpSg6KWk8p7+PpCJ3UcYKSPKIg5NeKATl1SF7WHhse9XXs4n3gFKfUC/bJmyzB
LjSPAlBTHV14n18ubmIomCfgC9YFJIPdWq/SlNlNSxS3b6JNzmhKwhlTgSH7BXVMt5j1PRLzheOo
XLbSoF2+l+rARiLrPmVld42YhkwN/4xa2aOBKl77bAxhkeqyk0SqcUueJbu47QLdMSiRy4rBw2q4
LVYKqH050Tgs+BaSNQ22oUQZgUINHiQwzO7YTeNOUnBdMgi6ZFR6LC8SuW4VrA7wDdVwjDuhIcpH
oBE2/pQuTIEdDz4DK5b1HW/sPy77L4+AneTEzhHdBzSqpFojvgRxce1JyC9J4OV8EnIILf4lhUd3
liRF/xSeiZdY51eiYPH4/CKECQs8ApCBw6D1qPOHg+/QrrhqgPZq7usR+iWKEc0QsLHCkTENvcao
RShQGiWUQpCUvkkLwaLgDoxZlRR6eEwI5eIoAGcDWZ/k8NGT9pVNTSYAzKDoU2hYRJMSBwAzMMX2
w4eGPom685yumkc3KpbsCN42sdaeTCiNt0xyiTIgjECspGGIJhSkAf93h8LNZAmDD3NLLZggGm1c
l7fsT+dZu2lCEPmlRnScY5qtGmQuDpBJLSIIY3zUEVFRkHATDygXK5hcDYybGlxvARTwz5qpDN7s
JMyxyMiiF5iFVJqodcoXEvNCPAEXEOipClmNg4TY9K+WMiXadagePXVHWHzbYPBLjm2Vg2S8qyn2
Yjrjb3VHi+QpD/NqvMC2gu4xAMez1CHII0iqHsa4RC9hH4WVbWzlDAgvYL5En9/b6b/XseCqBDVZ
BWeSC7SdEc2Kx4eAf8XckU4UJDyUuQbA