git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Thu, 6 Jan 2011 15:53:21 +0000 (16:53 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Sun, 13 Mar 2011 21:00:24 +0000 (22:00 +0100)
commit	f68a15a9512bf90b1b3fbc3dcb8e121a5f010b31
tree	78772f5a7b01d1a65e62e3f0942b6768d78c3dde	tree \| snapshot
parent	7d0aaf39d13af87bce83b58f6cc6ccf8387ed411	commit \| diff

[MEDIUM] http: always evaluate http-request rules before stats http-request

Right now, http-request rules are not evaluated if the URL matches the
stats request. This is quite unexpected. For instance, in the config
below, an abuser present in the abusers list will not be prevented access
to the stats.

   listen pub
        bind :8181
acl abuser src -f abusers.lst
        http-request deny if abuser
        stats uri /stats

It is not a big deal but it's not documented as such either. For 1.5, let's
have both lists be evaluated in turn, until one blocks. For 1.4 we'll simply
update the doc to indicate that.

Also instead of duplicating the code, the patch factors out the list walking
code. The HTTP auth has been moved slightly earlier, because it was set after
the header addition code, but we don't need to add headers to a request we're
dropping.