From 51d5dad90a7de3f57d61184264d4824ecf8bbe3f Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Sun, 12 Jul 2009 10:10:05 +0200 Subject: [PATCH] [MINOR] allow TCP inspection rules to make use of HTTP ACLs Since we can call the HTTP parser from TCP inspection rules, it makes sense to be able to use the HTTP ACLs with it. That way, we can decide from a TCP frontend to take a switching decision based on full layer7 decoding. This might be useful to perform layer7 content switching from a layer4 frontend in fact. For instance, we might want to be able to detect http/https on a frontend, but still switch to backend X or Y depending on the Host header. Note that it is mandatory to wait for an HTTP request otherwise the ACLs will randomly match. --- src/proto_tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/proto_tcp.c b/src/proto_tcp.c index 846040ac32..4488a49bae 100644 --- a/src/proto_tcp.c +++ b/src/proto_tcp.c @@ -406,7 +406,7 @@ int tcp_inspect_request(struct session *s, struct buffer *req, int an_bit) int ret = ACL_PAT_PASS; if (rule->cond) { - ret = acl_exec_cond(rule->cond, s->fe, s, NULL, ACL_DIR_REQ | partial); + ret = acl_exec_cond(rule->cond, s->fe, s, &s->txn, ACL_DIR_REQ | partial); if (ret == ACL_PAT_MISS) { buffer_write_dis(req); /* just set the request timeout once at the beginning of the request */ -- 2.47.3