Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 040c8cdbbe416a80a56b36f4b332e3c1f592c94f^! / .
commit040c8cdbbe416a80a56b36f4b332e3c1f592c94f[log] [tgz]
authorChristopher Faulet <cfaulet@haproxy.com>Mon Jan 13 16:43:45 2020 +0100
committerChristopher Faulet <cfaulet@haproxy.com>Mon Jan 20 15:18:46 2020 +0100
tree83da766acbbd9f9de14510b94316cf60a1db56fa
parentb58f62b316ce28539506a5c0aadde7c19d464c3f [diff]
MINOR: http-rules: Support an optional status on deny rules for http reponses

It is now possible to specified the status code to return an http-response deny
rules. For instance :

    http-response deny deny_status 500

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 1d69380..d12a3ae 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -5107,10 +5107,13 @@
   It takes one argument: "file name" It is the equivalent of the "del map"
   command from the stats socket, but can be triggered by an HTTP response.
 
-http-response deny [ { if | unless } <condition> ]
+http-response deny [deny_status <status>] [ { if | unless } <condition> ]
 
   This stops the evaluation of the rules and immediately rejects the response
-  and emits an HTTP 502 error. No further "http-response" rules are evaluated.
+  and emits an HTTP 502 error, or optionally the status code specified as an
+  argument to "deny_status". The list of permitted status codes is limited to
+  those that can be overridden by the "errorfile" directive.
+  No further "http-response" rules are evaluated.
 
 http-response redirect <rule> [ { if | unless } <condition> ]
 

diff --git a/src/http_act.c b/src/http_act.c
index 9907425..9123a7f 100644
--- a/src/http_act.c
+++ b/src/http_act.c

@@ -835,8 +835,34 @@
 static enum act_parse_ret parse_http_res_deny(const char **args, int *orig_arg, struct proxy *px,
 					      struct act_rule *rule, char **err)
 {
-	rule->action = ACT_ACTION_DENY;
+	int code, hc, cur_arg;
+
+	cur_arg = *orig_arg;
+	rule->action = ACT_ACTION_DENY;;
+	rule->arg.http.i = HTTP_ERR_502;
 	rule->flags |= ACT_FLAG_FINAL;
+
+	if (strcmp(args[cur_arg], "deny_status") == 0) {
+		cur_arg++;
+		if (!*args[cur_arg]) {
+			memprintf(err, "missing status code.\n");
+			return ACT_RET_PRS_ERR;
+		}
+
+		code = atol(args[cur_arg]);
+		cur_arg++;
+		for (hc = 0; hc < HTTP_ERR_SIZE; hc++) {
+			if (http_err_codes[hc] == code) {
+				rule->arg.http.i = hc;
+				break;
+			}
+		}
+		if (hc >= HTTP_ERR_SIZE)
+			memprintf(err, "status code %d not handled, using default code %d",
+				  code, http_err_codes[rule->arg.http.i]);
+	}
+
+	*orig_arg = cur_arg;
 	return ACT_RET_PRS_OK;
 }
 

diff --git a/src/http_ana.c b/src/http_ana.c
index 628116d..574f6eb 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c

@@ -3073,7 +3073,7 @@
 
 			case ACT_ACTION_DENY:
 				txn->flags |= TX_CLDENY;
-				txn->status = 502;
+				txn->status = http_err_codes[rule->arg.http.i];
 				rule_ret = HTTP_RULE_RES_DENY;
 				goto end;