From 5fa70829111f8f8c86e67c962a3f8a98cb3c6e02 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Mon, 28 Apr 2014 18:27:12 +0200 Subject: [PATCH] BUG/MINOR: http: block rules forgot to increment the denied_req counter "block" rules used to build the whole response and forgot to increment the denied_req counters. By jumping to the general "deny" label created in previous patch, it's easier to fix this. The issue was already present in 1.3 and remained unnoticed, in part because few people use "block" nowadays. --- src/proto_http.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index 84274c83c1..c5f6ecb9ef 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -3777,14 +3777,8 @@ int http_process_req_common(struct session *s, struct channel *req, int an_bit, if (cond->pol == ACL_COND_UNLESS) ret = !ret; - if (ret) { - txn->status = 403; - /* let's log the request time */ - s->logs.tv_request = now; - stream_int_retnclose(req->prod, http_error_message(s, HTTP_ERR_403)); - session_inc_http_err_ctr(s); - goto return_prx_cond; - } + if (ret) + goto deny; } /* just in case we have some per-backend tracking */ -- 2.47.3