From: Willy Tarreau <w@1wt.eu>
Date: Mon, 28 Apr 2014 16:27:12 +0000 (+0200)
Subject: BUG/MINOR: http: block rules forgot to increment the denied_req counter
X-Git-Tag: v1.5-dev25~64
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5fa70829111f8f8c86e67c962a3f8a98cb3c6e02;p=thirdparty%2Fhaproxy.git

BUG/MINOR: http: block rules forgot to increment the denied_req counter

"block" rules used to build the whole response and forgot to increment
the denied_req counters. By jumping to the general "deny" label created
in previous patch, it's easier to fix this.

The issue was already present in 1.3 and remained unnoticed, in part
because few people use "block" nowadays.
---

diff --git a/src/proto_http.c b/src/proto_http.c
index 84274c83c1..c5f6ecb9ef 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -3777,14 +3777,8 @@ int http_process_req_common(struct session *s, struct channel *req, int an_bit,
 		if (cond->pol == ACL_COND_UNLESS)
 			ret = !ret;
 
-		if (ret) {
-			txn->status = 403;
-			/* let's log the request time */
-			s->logs.tv_request = now;
-			stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403));
-			session_inc_http_err_ctr(s);
-			goto return_prx_cond;
-		}
+		if (ret)
+			goto deny;
 	}
 
 	/* just in case we have some per-backend tracking */