See also : "option httpchk", "http-check disable-on-404"
-http-request { allow | deny | auth [realm <realm>] |
+http-request { allow | deny | auth [realm <realm>] | redirect <rule> |
add-header <name> <fmt> | set-header <name> <fmt> }
[ { if | unless } <condition> ]
Access control for Layer 7 requests
optional "realm" parameter is supported, it sets the authentication realm
that is returned with the response (typically the application's name).
+ - "redirect" : this performs an HTTP redirection based on a redirect rule.
+ This is exactly the same as the "redirect" statement except that it
+ inserts a redirect rule which can be processed in the middle of other
+ "http-request" rules. See the "redirect" keyword for the rule's syntax.
+
- "add-header" appends an HTTP header field whose name is specified in
<name> and whose value is defined by <fmt> which follows the log-format
rules (see Custom Log Format in section 8.2.4). This is particularly
case HTTP_REQ_ACT_AUTH:
return rule;
+ case HTTP_REQ_ACT_REDIR:
+ return rule;
+
case HTTP_REQ_ACT_SET_HDR:
ctx.idx = 0;
/* remove all occurrences of the header */
goto return_bad_req;
}
+ if (http_req_last_rule && http_req_last_rule->action == HTTP_REQ_ACT_REDIR) {
+ if (!http_apply_redirect_rule(http_req_last_rule->arg.redir, s, txn))
+ goto return_bad_req;
+ req->analyse_exp = TICK_ETERNITY;
+ return 1;
+ }
+
if (unlikely(do_stats)) {
/* process the stats request now */
if (!http_handle_stats(s, req)) {
rule = (struct http_req_rule*)calloc(1, sizeof(struct http_req_rule));
if (!rule) {
Alert("parsing [%s:%d]: out of memory.\n", file, linenum);
- return NULL;
+ goto out_err;
}
if (!strcmp(args[0], "allow")) {
if (!*args[cur_arg] || !*args[cur_arg+1] || *args[cur_arg+2]) {
Alert("parsing [%s:%d]: 'http-request %s' expects exactly 2 arguments.\n",
file, linenum, args[0]);
- return NULL;
+ goto out_err;
}
rule->arg.hdr_add.name = strdup(args[cur_arg]);
LIST_INIT(&rule->arg.hdr_add.fmt);
parse_logformat_string(args[cur_arg + 1], proxy, &rule->arg.hdr_add.fmt, PR_MODE_HTTP);
cur_arg += 2;
+ } else if (strcmp(args[0], "redirect") == 0) {
+ struct redirect_rule *redir;
+ char *errmsg;
+
+ if ((redir = http_parse_redirect_rule(file, linenum, proxy, (const char **)args + 1, &errmsg)) == NULL) {
+ Alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-request %s' rule : %s.\n",
+ file, linenum, proxy_type_str(proxy), proxy->id, args[0], errmsg);
+ goto out_err;
+ }
+
+ /* this redirect rule might already contain a parsed condition which
+ * we'll pass to the http-request rule.
+ */
+ rule->action = HTTP_REQ_ACT_REDIR;
+ rule->arg.redir = redir;
+ rule->cond = redir->cond;
+ redir->cond = NULL;
+ cur_arg = 2;
+ return rule;
} else {
Alert("parsing [%s:%d]: 'http-request' expects 'allow', 'deny', 'auth', 'add-header', 'set-header', but got '%s'%s.\n",
file, linenum, args[0], *args[0] ? "" : " (missing argument)");
- return NULL;
+ goto out_err;
}
if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
Alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition : %s.\n",
file, linenum, args[0], errmsg);
free(errmsg);
- return NULL;
+ goto out_err;
}
rule->cond = cond;
}
Alert("parsing [%s:%d]: 'http-request %s' expects 'realm' for 'auth' or"
" either 'if' or 'unless' followed by a condition but found '%s'.\n",
file, linenum, args[0], args[cur_arg]);
- return NULL;
+ goto out_err;
}
return rule;
+ out_err:
+ free(rule);
+ return NULL;
}
/* Parses a redirect rule. Returns the redirect rule on success or NULL on error,
projects / thirdparty / haproxy.git / commitdiff
