mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-23 06:41:32 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: http-rules: Support an optional status on deny rules for http reponses

Browse Source 
It is now possible to specified the status code to return an http-response deny
rules. For instance :

    http-response deny deny_status 500
This commit is contained in:
Christopher Faulet 2020-01-13 16:43:45 +01:00
parent b58f62b316
commit 040c8cdbbe
3 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/configuration.txt
View File

@ -5107,10 +5107,13 @@ http-response del-map(<file-name>) <key fmt> [ { if | unless } <condition> ]
It takes one argument: "file name" It is the equivalent of the "del map" It takes one argument: "file name" It is the equivalent of the "del map"
command from the stats socket, but can be triggered by an HTTP response. command from the stats socket, but can be triggered by an HTTP response.
http-response deny [ { if | unless } <condition> ] http-response deny [deny_status <status>] [ { if | unless } <condition> ]
This stops the evaluation of the rules and immediately rejects the response This stops the evaluation of the rules and immediately rejects the response
and emits an HTTP 502 error. No further "http-response" rules are evaluated. and emits an HTTP 502 error, or optionally the status code specified as an
argument to "deny_status". The list of permitted status codes is limited to
those that can be overridden by the "errorfile" directive.
No further "http-response" rules are evaluated.
http-response redirect <rule> [ { if | unless } <condition> ] http-response redirect <rule> [ { if | unless } <condition> ]

28
src/http_act.c
View File

@ -835,8 +835,34 @@ static enum act_parse_ret parse_http_req_deny(const char **args, int *orig_arg,
static enum act_parse_ret parse_http_res_deny(const char **args, int *orig_arg, struct proxy *px, static enum act_parse_ret parse_http_res_deny(const char **args, int *orig_arg, struct proxy *px,
struct act_rule *rule, char **err) struct act_rule *rule, char **err)
{ {
rule->action = ACT_ACTION_DENY; int code, hc, cur_arg;
cur_arg = *orig_arg;
rule->action = ACT_ACTION_DENY;;
rule->arg.http.i = HTTP_ERR_502;
rule->flags |= ACT_FLAG_FINAL; rule->flags |= ACT_FLAG_FINAL;
if (strcmp(args[cur_arg], "deny_status") == 0) {
cur_arg++;
if (!*args[cur_arg]) {
memprintf(err, "missing status code.\n");
return ACT_RET_PRS_ERR;
}
code = atol(args[cur_arg]);
cur_arg++;
for (hc = 0; hc < HTTP_ERR_SIZE; hc++) {
if (http_err_codes[hc] == code) {
rule->arg.http.i = hc;
break;
}
}
if (hc >= HTTP_ERR_SIZE)
memprintf(err, "status code %d not handled, using default code %d",
code, http_err_codes[rule->arg.http.i]);
}
*orig_arg = cur_arg;
return ACT_RET_PRS_OK; return ACT_RET_PRS_OK;
} }

2
src/http_ana.c
View File

@ -3073,7 +3073,7 @@ resume_execution:
case ACT_ACTION_DENY: case ACT_ACTION_DENY:
txn->flags |= TX_CLDENY; txn->flags |= TX_CLDENY;
txn->status = 502; txn->status = http_err_codes[rule->arg.http.i];
rule_ret = HTTP_RULE_RES_DENY; rule_ret = HTTP_RULE_RES_DENY;
goto end; goto end;