From: Willy Tarreau <w@1wt.eu>
Date: Tue, 28 May 2019 06:26:17 +0000 (+0200)
Subject: BUG/MEDIUM: http: fix "http-request reject" when not final
X-Git-Tag: v2.0-dev5~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11c90fbd92cfaa5695e328481402d62d536456ef;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: http: fix "http-request reject" when not final

When "http-request reject" was introduced in 1.8 with commit 53275e8b0
("MINOR: http: implement the "http-request reject" rule"), it was already
broken. The code mentions "it always returns ACT_RET_STOP" and obviously
a gross copy-paste made it ACT_RET_CONT. If the rule is the last one it
properly blocks, but if not the last one it gets ignored, as can be seen
with this simple configuration :

    frontend f1
        bind :8011
        mode http
        http-request reject
        http-request redirect location /

This trivial fix must be backported to 1.9 and 1.8. It is tracked by
github issue #107.
---

diff --git a/src/http_act.c b/src/http_act.c
index c1b94dd092..daa789abb6 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -202,7 +202,7 @@ static enum act_return http_action_reject(struct act_rule *rule, struct proxy *p
 	if (!(s->flags & SF_FINST_MASK))
 		s->flags |= SF_FINST_R;
 
-	return ACT_RET_CONT;
+	return ACT_RET_STOP;
 }
 
 /* parse the "reject" action: