BUG/MINOR: rules: Forbid captures in defaults section if used by a backend

Captures must only be defined in proxies with the frontend capabilities or
in defaults sections used by proxies with the frontend capabilities. Thus,
an extra check is added to be sure a defaults section defining a capture
will never be references by a backend.

Note that in this case, only named captures in "tcp-request content" or
"http-request" rules are possible. It is not possible in a defaults section
to decalre a capture slot. Not yet at least.

This patch must be backported to 2.5. It is releated to issue #1674.

diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 216e6d8d577fc7c9f2917465964bf781da7948e7..bcc89ba364d27bc319dddfc1909d1fbef1f25884 100644 (file)
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -406,6 +406,13 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
                        proxy_ref_defaults(curproxy, curr_defproxy);
                }
 
+               if ((rc & PR_CAP_BE) && curr_defproxy && (curr_defproxy->nb_req_cap || curr_defproxy->nb_rsp_cap)) {
+                       ha_alert("parsing [%s:%d]: backend or defaults sections cannot inherit from a defaults section defining"
+                                " capptures (defaults section at %s:%d).\n",
+                                file, linenum, curr_defproxy->conf.file, curr_defproxy->conf.line);
+                       err_code |= ERR_ALERT | ERR_ABORT;
+               }
+
                if (rc & PR_CAP_DEF) {
                        /* last and current proxies must be updated to this one */
                        curr_defproxy = last_defproxy = curproxy;