MINOR: http-rules: Support an optional status on deny rules for http reponses

It is now possible to specified the status code to return an http-response deny rules. For instance : http-response deny deny_status 500
2025-09-22 22:31:28 +02:00 · 2020-01-13 16:43:45 +01:00 · 2020-01-13 16:43:45 +01:00 · 040c8cdbbe
commit 040c8cdbbe
parent b58f62b316
3 changed files with 33 additions and 4 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -5107,10 +5107,13 @@ http-response del-map(<file-name>) <key fmt> [ { if | unless } <condition> ]
  It takes one argument: "file name" It is the equivalent of the "del map"
  command from the stats socket, but can be triggered by an HTTP response.

-http-response deny [ { if | unless } <condition> ]
+http-response deny [deny_status <status>] [ { if | unless } <condition> ]

  This stops the evaluation of the rules and immediately rejects the response
-  and emits an HTTP 502 error. No further "http-response" rules are evaluated.
+  and emits an HTTP 502 error, or optionally the status code specified as an
+  argument to "deny_status". The list of permitted status codes is limited to
+  those that can be overridden by the "errorfile" directive.
+  No further "http-response" rules are evaluated.

 http-response redirect <rule> [ { if | unless } <condition> ]

--- a/src/http_act.c
+++ b/src/http_act.c
@ -835,8 +835,34 @@ static enum act_parse_ret parse_http_req_deny(const char **args, int *orig_arg,
 static enum act_parse_ret parse_http_res_deny(const char **args, int *orig_arg, struct proxy *px,
 					      struct act_rule *rule, char **err)
 {
-	rule->action = ACT_ACTION_DENY;
+	int code, hc, cur_arg;
+
+	cur_arg = *orig_arg;
+	rule->action = ACT_ACTION_DENY;;
+	rule->arg.http.i = HTTP_ERR_502;
 	rule->flags |= ACT_FLAG_FINAL;
+
+	if (strcmp(args[cur_arg], "deny_status") == 0) {
+		cur_arg++;
+		if (!*args[cur_arg]) {
+			memprintf(err, "missing status code.\n");
+			return ACT_RET_PRS_ERR;
+		}
+
+		code = atol(args[cur_arg]);
+		cur_arg++;
+		for (hc = 0; hc < HTTP_ERR_SIZE; hc++) {
+			if (http_err_codes[hc] == code) {
+				rule->arg.http.i = hc;
+				break;
+			}
+		}
+		if (hc >= HTTP_ERR_SIZE)
+			memprintf(err, "status code %d not handled, using default code %d",
+				  code, http_err_codes[rule->arg.http.i]);
+	}
+
+	*orig_arg = cur_arg;
 	return ACT_RET_PRS_OK;
 }

--- a/src/http_ana.c
+++ b/src/http_ana.c
@ -3073,7 +3073,7 @@ resume_execution:

 			case ACT_ACTION_DENY:
 				txn->flags |= TX_CLDENY;
-				txn->status = 502;
+				txn->status = http_err_codes[rule->arg.http.i];
 				rule_ret = HTTP_RULE_RES_DENY;
 				goto end;