// like healthCheck request
func guessIsHealthCheckReq(req *http.Request) bool {
	if req == nil {
		return false
	}
	aType := getRequestAuthType(req)
	return aType == authTypeAnonymous && (req.Method == http.MethodGet || req.Method == http.MethodHead) &&
		(req.URL.Path == healthCheckPathPrefix+healthCheckLivenessPath ||
			req.URL.Path == healthCheckPathPrefix+healthCheckReadinessPath ||

    public void add(ModelProblemCollectorRequest req) {
        switch (req.getSeverity()) {
            case FATAL:
                if (!fatals.contains(req.getMessage())) {
                    fatals.add(req.getMessage());
                }
                break;
            case ERROR:
                if (!errors.contains(req.getMessage())) {
                    errors.add(req.getMessage());
                }
                break;

	e, err := c.endpoint(bucket, false)
	if err != nil {
		return newError(bucket, err)
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, e, nil)
	if err != nil {
		return newError(bucket, err)
	}
	if err = c.addAuthHeader(req); err != nil {
		return newError(bucket, err)
	}

	resp, err := c.httpClient.Do(req)
	if err != nil {
		if derr := c.Delete(bucket); derr != nil {
			return newError(bucket, derr)
		}

		return nil, errDecryptionFailed(err)
	}
	return plaintext, nil
}

// MAC generates the checksum of the given req.Message using the key
// with the req.Name at the KMS.
func (c *kesConn) MAC(ctx context.Context, req *MACRequest) ([]byte, error) {
	mac, err := c.client.HMAC(context.Background(), req.Name, req.Message)
	if err != nil {
		if errors.Is(err, kes.ErrKeyNotFound) {
			return nil, ErrKeyNotFound
		}

	data := url.Values{}
	data.Set("grant_type", "client_credentials")
	req, err := http.NewRequest(http.MethodPost, idpEndpoint, strings.NewReader(data.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(clientID, clientSecret)
	t := &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: true,

			objInfo, err := objectAPI.PutObject(ctx, bucket, req.Key, reader, ObjectOptions{
				Versioned:        globalBucketVersioningSys.PrefixEnabled(bucket, req.Key),
				VersionSuspended: globalBucketVersioningSys.PrefixSuspended(bucket, req.Key),
				UserDefined:      userDefined,
			})
			if err != nil {
				errs[idx] = err
				return
			}
			objInfos[idx] = objInfo
		}(i, req)
	}
	wg.Wait()

	return objInfos, errs

	"strings"
)

// guessIsLoginSTSReq - returns true if incoming request is Login STS user
func guessIsLoginSTSReq(req *http.Request) bool {
	if req == nil {
		return false
	}
	return strings.HasPrefix(req.URL.Path, loginPathPrefix) ||
		(req.Method == http.MethodPost && req.URL.Path == SlashSeparator &&
			getRequestAuthType(req) == authTypeSTS)

			if errCode != testCase.expected {
				t.Errorf("(%d) expected to get %s, instead got %s", i, niceError(testCase.expected), niceError(errCode))
			}
		} else {
			err = preSignV2(req, accessKey, secretKey, now.Unix()+60)
			if err != nil {
				t.Fatalf("(%d) failed to preSignV2 http request, got %v", i, err)
			}
			// Should be set since we are simulating a http server.
			req.RequestURI = req.URL.RequestURI()

			logKind = ek
		}
	}

	req := GetReqInfo(ctx)
	if req == nil {
		req = &ReqInfo{
			API:       "SYSTEM",
			RequestID: fmt.Sprintf("%X", time.Now().UTC().UnixNano()),
		}
	}
	req.RLock()
	defer req.RUnlock()

	API := "SYSTEM"
	switch {
	case req.API != "":
		API = req.API
	case subsystem != "":
		API += "." + subsystem
	}

	}

	for _, v := range headers {
		req := &http.Request{
			Header: http.Header{
				v.key: []string{v.val},
			},
		}
		res := GetSourceIP(req)
		if res != v.expected {
			t.Errorf("wrong header for %s: got %s want %s", v.key, res,
				v.expected)
		}
	}
}

func TestXFFDisabled(t *testing.T) {
	req := &http.Request{
		Header: http.Header{
			xForwardedFor: []string{"8.8.8.8"},