From: Willy Tarreau Date: Wed, 10 Jan 2024 17:44:30 +0000 (+0100) Subject: MEDIUM: http_act: check status codes against the bit fields for err/fail X-Git-Tag: v3.0-dev2~55 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9d827e10497a57623e903e0be41fe9b02efb5da5;p=thirdparty%2Fhaproxy.git MEDIUM: http_act: check status codes against the bit fields for err/fail This drops the hard-coded 4xx and 5xx status codes for err_cnt and fail_cnt, in favor of the new bit fields that will soon be configurable. There should be no difference at all since the bit fields are initialized to the exact same sets (400-499 for err, 500-599 minus 501 and 505 for fail). --- diff --git a/src/http_act.c b/src/http_act.c index 7d45780338..260fe1d671 100644 --- a/src/http_act.c +++ b/src/http_act.c @@ -2044,13 +2044,14 @@ static enum act_return http_action_track_sc(struct act_rule *rule, struct proxy * but here we're tracking after this ought to have been done so we have * to do it on purpose. */ - if (rule->from == ACT_F_HTTP_RES && (unsigned)(s->txn->status - 400) < 100) { + if (rule->from == ACT_F_HTTP_RES && + http_status_matches(http_err_status_codes, s->txn->status)) { ptr3 = stktable_data_ptr(t, ts, STKTABLE_DT_HTTP_ERR_CNT); ptr4 = stktable_data_ptr(t, ts, STKTABLE_DT_HTTP_ERR_RATE); } - if (rule->from == ACT_F_HTTP_RES && (unsigned)(s->txn->status - 500) < 100 && - s->txn->status != 501 && s->txn->status != 505) { + if (rule->from == ACT_F_HTTP_RES && + http_status_matches(http_fail_status_codes, s->txn->status)) { ptr5 = stktable_data_ptr(t, ts, STKTABLE_DT_HTTP_FAIL_CNT); ptr6 = stktable_data_ptr(t, ts, STKTABLE_DT_HTTP_FAIL_RATE); } diff --git a/src/http_ana.c b/src/http_ana.c index 178f8749ec..035351270e 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -1444,22 +1444,22 @@ int http_wait_for_response(struct stream *s, struct channel *rep, int an_bit) if (sl->flags & HTX_SL_F_CONN_UPG) msg->flags |= HTTP_MSGF_CONN_UPG; - n = txn->status / 100; - if (n < 1 || n > 5) - n = 0; - /* when the client triggers a 4xx from the server, it's most often due * to a missing object or permission. These events should be tracked * because if they happen often, it may indicate a brute force or a * vulnerability scan. */ - if (n == 4) + if (http_status_matches(http_err_status_codes, txn->status)) stream_inc_http_err_ctr(s); - if (n == 5 && txn->status != 501 && txn->status != 505) + if (http_status_matches(http_fail_status_codes, txn->status)) stream_inc_http_fail_ctr(s); if (objt_server(s->target)) { + n = txn->status / 100; + if (n < 1 || n > 5) + n = 0; + _HA_ATOMIC_INC(&__objt_server(s->target)->counters.p.http.rsp[n]); _HA_ATOMIC_INC(&__objt_server(s->target)->counters.p.http.cum_req); }