diff --git a/doc/configuration.txt b/doc/configuration.txt index 3949764cb..324b424fb 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -3627,7 +3627,10 @@ tcp-request inspect-delay rules for every new chunk which gets in, taking into account the fact that those data are partial. If no rule matches before the aforementionned delay, a last check is performed upon expiration, this time considering that the - contents are definitive. + contents are definitive. If no delay is set, haproxy will not wait at all + and will immediately apply a verdict based on the available information. + Obviously this is unlikely to be very useful and might even be racy, so such + setups are not recommended. As soon as a rule matches, the request is released and continues as usual. If the timeout is reached and no rule matches, the default policy will be to let diff --git a/src/cfgparse.c b/src/cfgparse.c index 08fad6779..1158988ff 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -3469,7 +3469,8 @@ int readcfgfile(const char *file) if (curproxy->mode == PR_MODE_HTTP) listener->analysers |= AN_REQ_HTTP_HDR; - if (curproxy->tcp_req.inspect_delay) + if (curproxy->tcp_req.inspect_delay || + !LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules)) listener->analysers |= AN_REQ_INSPECT; listener = listener->next; diff --git a/src/proto_tcp.c b/src/proto_tcp.c index 2fb6a85c7..ec9d23a0c 100644 --- a/src/proto_tcp.c +++ b/src/proto_tcp.c @@ -404,7 +404,7 @@ int tcp_inspect_request(struct session *s, struct buffer *req) * - if one rule returns KO, then return KO */ - if (req->flags & BF_SHUTR || tick_is_expired(req->analyse_exp, now_ms)) + if (req->flags & BF_SHUTR || !s->fe->tcp_req.inspect_delay || tick_is_expired(req->analyse_exp, now_ms)) partial = 0; else partial = ACL_PARTIAL; @@ -417,7 +417,7 @@ int tcp_inspect_request(struct session *s, struct buffer *req) if (ret == ACL_PAT_MISS) { buffer_write_dis(req); /* just set the request timeout once at the beginning of the request */ - if (!tick_isset(req->analyse_exp)) + if (!tick_isset(req->analyse_exp) && s->fe->tcp_req.inspect_delay) req->analyse_exp = tick_add_ifset(now_ms, s->fe->tcp_req.inspect_delay); return 0; }