MEDIUM: http-rules: Support an optional error message in http deny rules
It is now possible to set the error message to use when a deny rule is
executed. It may be a specific error file, adding "errorfile <file>" :
http-request deny deny_status 400 errorfile /etc/haproxy/errorfiles/400badreq.http
It may also be an error file from an http-errors section, adding "errorfiles
<name>" :
http-request deny errorfiles my-errors # use 403 error from "my-errors" section
When defined, this error message is set in the HTTP transaction. The tarpit rule
is also concerned by this change.
diff --git a/src/http_ana.c b/src/http_ana.c
index 10ee241..82a9e14 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -2896,13 +2896,17 @@
case ACT_ACTION_DENY:
txn->flags |= TX_CLDENY;
- txn->status = http_err_codes[rule->arg.http.i];
+ txn->status = rule->arg.http_deny.status;
+ if (rule->arg.http_deny.errmsg)
+ txn->errmsg = rule->arg.http_deny.errmsg;
rule_ret = HTTP_RULE_RES_DENY;
goto end;
case ACT_HTTP_REQ_TARPIT:
txn->flags |= TX_CLTARPIT;
- txn->status = http_err_codes[rule->arg.http.i];
+ txn->status = rule->arg.http_deny.status;
+ if (rule->arg.http_deny.errmsg)
+ txn->errmsg = rule->arg.http_deny.errmsg;
rule_ret = HTTP_RULE_RES_DENY;
goto end;
@@ -3073,7 +3077,9 @@
case ACT_ACTION_DENY:
txn->flags |= TX_CLDENY;
- txn->status = http_err_codes[rule->arg.http.i];
+ txn->status = rule->arg.http_deny.status;
+ if (rule->arg.http_deny.errmsg)
+ txn->errmsg = rule->arg.http_deny.errmsg;
rule_ret = HTTP_RULE_RES_DENY;
goto end;