From 11c90fbd92cfaa5695e328481402d62d536456ef Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 28 May 2019 08:26:17 +0200
Subject: [PATCH] BUG/MEDIUM: http: fix "http-request reject" when not final

When "http-request reject" was introduced in 1.8 with commit 53275e8b0
("MINOR: http: implement the "http-request reject" rule"), it was already
broken. The code mentions "it always returns ACT_RET_STOP" and obviously
a gross copy-paste made it ACT_RET_CONT. If the rule is the last one it
properly blocks, but if not the last one it gets ignored, as can be seen
with this simple configuration :

    frontend f1
        bind :8011
        mode http
        http-request reject
        http-request redirect location /

This trivial fix must be backported to 1.9 and 1.8. It is tracked by
github issue #107.
---
 src/http_act.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/http_act.c b/src/http_act.c
index c1b94dd092..daa789abb6 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -202,7 +202,7 @@ static enum act_return http_action_reject(struct act_rule *rule, struct proxy *p
 	if (!(s->flags & SF_FINST_MASK))
 		s->flags |= SF_FINST_R;
 
-	return ACT_RET_CONT;
+	return ACT_RET_STOP;
 }
 
 /* parse the "reject" action:
-- 
2.47.3