BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back
http-after-response rules evaluation must be stopped after a "allow". It
means the frontend ruleset must not be evaluated if a "allow" was performed
in the backend ruleset. Internally, the evaluation must be stopped if on
HTTP_RULE_RES_STOP return value. Only the "allow" action is concerned by
this change.
Thanks to this patch, http-response and http-after-response behave in the
same way.
This patch should be backported as far as 2.2.
diff --git a/reg-tests/http-rules/http_after_response.vtc b/reg-tests/http-rules/http_after_response.vtc
index af66498..0a37daa 100644
--- a/reg-tests/http-rules/http_after_response.vtc
+++ b/reg-tests/http-rules/http_after_response.vtc
@@ -182,11 +182,11 @@
client c5 -connect ${h1_feh1_sock} {
txreq -req GET -url /deny-srv
rxresp
- expect resp.status == 200
- expect resp.http.be-sl1 == ""
- expect resp.http.be-sl2 == ""
- expect resp.http.be-hdr == ""
- expect resp.http.fe-sl1-crc == 3104968915
- expect resp.http.fe-sl2-crc == 561949791
- expect resp.http.fe-hdr-crc == 623352154
+ expect resp.status == 502
+ expect resp.http.be-sl1 == <undef>
+ expect resp.http.be-sl2 == <undef>
+ expect resp.http.be-hdr == <undef>
+ expect resp.http.sl1 == <undef>
+ expect resp.http.sl2 == <undef>
+ expect resp.http.hdr == <undef>
} -run
diff --git a/src/http_ana.c b/src/http_ana.c
index 7e32fb8..2033d46 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -2950,7 +2950,7 @@
}
ret = http_res_get_intercept_rule(s->be, &s->be->http_after_res_rules, s);
- if ((ret == HTTP_RULE_RES_CONT || ret == HTTP_RULE_RES_STOP) && sess->fe != s->be)
+ if (ret == HTTP_RULE_RES_CONT && sess->fe != s->be)
ret = http_res_get_intercept_rule(sess->fe, &sess->fe->http_after_res_rules, s);
end: