mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 14:21:25 +02:00
Code Issues Projects Releases Wiki Activity

[MINOR] acl: detect and report potential mistakes in ACLs

Browse Source 
I've discovered a configuration with lots of occurrences of the
following :

    acl xxx hdr_beg (host) xxx

The problem is that hdr_beg will match every header against patterns
(host) and xxx due to the space between both, which certainly is not
what the user wanted. Now we detect such ACLs and report a warning
with a suggestion to add "--" between "hdr_beg" and "(host)" if this
is definitely what is wanted.
This commit is contained in:
Willy Tarreau 2009-07-26 19:40:40 +02:00
parent 43e0e39978
commit 404e8ab461
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/acl.c
View File

@ -19,6 +19,7 @@
#include <common/standard.h>
#include <proto/acl.h>
#include <proto/log.h>
/* The capabilities of filtering hooks describe the type of information
* available to each of them.
@ -761,6 +762,18 @@ struct acl *parse_acl(const char **args, struct list *known_acl)
if (!acl_expr)
goto out_return;
/* Check for args beginning with an opening parenthesis just after the
* subject, as this is almost certainly a typo. Right now we can only
* emit a warning, so let's do so.
*/
if (*args[2] == '(')
Warning("parsing acl '%s' :\n"
" matching '%s' for pattern '%s' is likely a mistake and probably\n"
" not what you want. Maybe you need to remove the extraneous space before '('.\n"
" If you are really sure this is not an error, please insert '--' between the\n"
" match and the pattern to make this warning message disappear.\n",
args[0], args[1], args[2]);
cur_acl = find_acl_by_name(args[0], known_acl);
if (!cur_acl) {
name = strdup(args[0]);