diff --git a/include/proto/proto_tcp.h b/include/proto/proto_tcp.h
index 96488f107..056129c14 100644
--- a/include/proto/proto_tcp.h
+++ b/include/proto/proto_tcp.h
@@ -38,7 +38,7 @@ int tcp_get_dst(int fd, struct sockaddr *sa, socklen_t salen, int dir);
 int tcp_drain(int fd);
 int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit);
 int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit);
-int tcp_exec_req_rules(struct stream *s);
+int tcp_exec_req_rules(struct session *sess);
 
 /* TCP keywords. */
 void tcp_req_conn_keywords_register(struct tcp_action_kw_list *kw_list);
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index b7451ef99..17ec22e1b 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1360,9 +1360,8 @@ resume_execution:
  * matches or if no more rule matches. It can only use rules which don't need
  * any data. This only works on connection-based client-facing stream interfaces.
  */
-int tcp_exec_req_rules(struct stream *s)
+int tcp_exec_req_rules(struct session *sess)
 {
-	struct session *sess = s->sess;
 	struct tcp_rule *rule;
 	struct stksess *ts;
 	struct stktable *t = NULL;
@@ -1377,7 +1376,7 @@ int tcp_exec_req_rules(struct stream *s)
 		ret = ACL_TEST_PASS;
 
 		if (rule->cond) {
-			ret = acl_exec_cond(rule->cond, sess->fe, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
+			ret = acl_exec_cond(rule->cond, sess->fe, sess, NULL, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
 			ret = acl_pass(ret);
 			if (rule->cond->pol == ACL_COND_UNLESS)
 				ret = !ret;
@@ -1390,10 +1389,6 @@ int tcp_exec_req_rules(struct stream *s)
 				if (sess->listener->counters)
 					sess->listener->counters->denied_conn++;
 
-				if (!(s->flags & SF_ERR_MASK))
-					s->flags |= SF_ERR_PRXCOND;
-				if (!(s->flags & SF_FINST_MASK))
-					s->flags |= SF_FINST_R;
 				result = 0;
 				break;
 			}
@@ -1407,7 +1402,7 @@ int tcp_exec_req_rules(struct stream *s)
 					continue;
 
 				t = rule->act_prm.trk_ctr.table.t;
-				key = stktable_fetch_key(t, s->be, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL);
+				key = stktable_fetch_key(t, sess->fe, sess, NULL, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL);
 
 				if (key && (ts = stktable_get_entry(t, key)))
 					stream_track_stkctr(&sess->stkctr[tcp_trk_idx(rule->action)], t, ts);
@@ -1418,7 +1413,7 @@ int tcp_exec_req_rules(struct stream *s)
 			}
 			else {
 				/* Custom keywords. */
-				rule->action_ptr(rule, sess->fe, s);
+				rule->action_ptr(rule, sess->fe, NULL);
 
 				/* otherwise it's an accept */
 				break;
diff --git a/src/stream.c b/src/stream.c
index 7f2f27a44..b3eba1215 100644
--- a/src/stream.c
+++ b/src/stream.c
@@ -157,7 +157,7 @@ int stream_accept(struct listener *l, int cfd, struct sockaddr_storage *addr)
 	 * to abort right here as soon as possible, we check the rules before
 	 * even initializing the stream interfaces.
 	 */
-	if ((l->options & LI_O_TCP_RULES) && !tcp_exec_req_rules(s)) {
+	if ((l->options & LI_O_TCP_RULES) && !tcp_exec_req_rules(sess)) {
 		/* let's do a no-linger now to close with a single RST. */
 		setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
 		ret = 0; /* successful termination */