BUG/MEDIUM: http: fix "http-request reject" when not final
When "http-request reject" was introduced in 1.8 with commit 53275e8b0
("MINOR: http: implement the "http-request reject" rule"), it was already
broken. The code mentions "it always returns ACT_RET_STOP" and obviously
a gross copy-paste made it ACT_RET_CONT. If the rule is the last one it
properly blocks, but if not the last one it gets ignored, as can be seen
with this simple configuration :
frontend f1
bind :8011
mode http
http-request reject
http-request redirect location /
This trivial fix must be backported to 1.9 and 1.8. It is tracked by
github issue #107.
diff --git a/src/http_act.c b/src/http_act.c
index c1b94dd..daa789a 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -202,7 +202,7 @@
if (!(s->flags & SF_FINST_MASK))
s->flags |= SF_FINST_R;
- return ACT_RET_CONT;
+ return ACT_RET_STOP;
}
/* parse the "reject" action: