[BUG] stats: admin web interface must check the proxy state
Similar to the stats socket bug, we must check that the proxy is not disabled
before trying to enable/disable a server.
Even if a disabled proxy is not displayed, someone can inject a faulty proxy
name in the POST parameters. So, we must ensure that no disabled proxy can be
used.
diff --git a/src/proto_http.c b/src/proto_http.c
index 1061c35..649f5df 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -2934,7 +2934,7 @@
if (backend && action && get_backend_server(backend, value, &px, &sv)) {
switch (action) {
case 1:
- if (! (sv->state & SRV_MAINTAIN)) {
+ if ((px->state != PR_STSTOPPED) && !(sv->state & SRV_MAINTAIN)) {
/* Not already in maintenance, we can change the server state */
sv->state |= SRV_MAINTAIN;
set_server_down(sv);
@@ -2942,7 +2942,7 @@
}
break;
case 2:
- if ((sv->state & SRV_MAINTAIN)) {
+ if ((px->state != PR_STSTOPPED) && (sv->state & SRV_MAINTAIN)) {
/* Already in maintenance, we can change the server state */
set_server_up(sv);
sv->health = sv->rise; /* up, but will fall down at first failure */