diff --git a/doc/configuration.txt b/doc/configuration.txt index 1d69380c8..d12a3ae1c 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -5107,10 +5107,13 @@ http-response del-map() [ { if | unless } ] It takes one argument: "file name" It is the equivalent of the "del map" command from the stats socket, but can be triggered by an HTTP response. -http-response deny [ { if | unless } ] +http-response deny [deny_status ] [ { if | unless } ] This stops the evaluation of the rules and immediately rejects the response - and emits an HTTP 502 error. No further "http-response" rules are evaluated. + and emits an HTTP 502 error, or optionally the status code specified as an + argument to "deny_status". The list of permitted status codes is limited to + those that can be overridden by the "errorfile" directive. + No further "http-response" rules are evaluated. http-response redirect [ { if | unless } ] diff --git a/src/http_act.c b/src/http_act.c index 9907425fc..9123a7f0a 100644 --- a/src/http_act.c +++ b/src/http_act.c @@ -835,8 +835,34 @@ static enum act_parse_ret parse_http_req_deny(const char **args, int *orig_arg, static enum act_parse_ret parse_http_res_deny(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err) { - rule->action = ACT_ACTION_DENY; + int code, hc, cur_arg; + + cur_arg = *orig_arg; + rule->action = ACT_ACTION_DENY;; + rule->arg.http.i = HTTP_ERR_502; rule->flags |= ACT_FLAG_FINAL; + + if (strcmp(args[cur_arg], "deny_status") == 0) { + cur_arg++; + if (!*args[cur_arg]) { + memprintf(err, "missing status code.\n"); + return ACT_RET_PRS_ERR; + } + + code = atol(args[cur_arg]); + cur_arg++; + for (hc = 0; hc < HTTP_ERR_SIZE; hc++) { + if (http_err_codes[hc] == code) { + rule->arg.http.i = hc; + break; + } + } + if (hc >= HTTP_ERR_SIZE) + memprintf(err, "status code %d not handled, using default code %d", + code, http_err_codes[rule->arg.http.i]); + } + + *orig_arg = cur_arg; return ACT_RET_PRS_OK; } 
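Review bot: The `deny_status` argument in parse_http_res_deny is converted with `atol()` and never validated, so a value such as `abc` or `403x` is accepted without a parse error, and an unsupported code only fills `*err` while the function still returns `ACT_RET_PRS_OK`. Whether the caller prints or frees that message on the OK path is not visible here, so a mistyped status may silently fall back to 502 (still a deny, but not the response the operator configured). Parsing with `strtol()` plus an end-pointer check and returning `ACT_RET_PRS_ERR` for malformed input would make the failure explicit; if the 502 fallback for unsupported codes is intentional, it should be reported through a path the caller is known to surface. The stray `;;` after `ACT_ACTION_DENY` can also be dropped.

```c
	if (strcmp(args[cur_arg], "deny_status") == 0) {
		char *end;
		long val;

		/* … unchanged: cur_arg++ and the missing-status-code check … */

		val = strtol(args[cur_arg], &end, 10);
		if (end == args[cur_arg] || *end != '\0' || val < 100 || val > 999) {
			memprintf(err, "invalid status code '%s'.\n", args[cur_arg]);
			return ACT_RET_PRS_ERR;
		}
		code = (int)val;
		cur_arg++;

		/* … unchanged: lookup in http_err_codes[] and the "not handled" fallback … */
```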
diff --git a/src/http_ana.c b/src/http_ana.c
index 628116d9b..574f6eb01 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -3073,7 +3073,7 @@ resume_execution:
 case ACT_ACTION_DENY:
 txn->flags |= TX_CLDENY;
- txn->status = 502;
+ txn->status = http_err_codes[rule->arg.http.i];
 rule_ret = HTTP_RULE_RES_DENY;
 goto end;
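Review bot: The new lookup `http_err_codes[rule->arg.http.i]` in the `ACT_ACTION_DENY` case has no bounds check, so it is only safe if every response rule that reaches this case had `arg.http.i` set to a valid index by its parser. parse_http_res_deny in this commit does set it (to `HTTP_ERR_502` or a loop index below `HTTP_ERR_SIZE`), but any other code that builds a response rule with `ACT_ACTION_DENY` is not visible here and would leave the field at whatever the rule was initialised with. I would document the invariant at the use site, for example `/* arg.http.i is an index into http_err_codes[], set by parse_http_res_deny() */`, and confirm that the error body sent to the client is selected from the same index so status and payload cannot disagree. The enclosing switch and function start and end outside this hunk.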