MEDIUM: http-rules: Enable the strict rewriting mode by default

Now, by default, when a rule performing a rewrite on an HTTP message fails, an
internal error is triggered. Before, the failure was ignored. But most of users
are not aware of this behavior. And it does not happen very often because the
buffer reserve space in large enough. So it may be surprising. Returning an
internal error makes the rewrite failure explicit. If it is acceptable to
silently ignore it, the strict rewriting mode can be disabled.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 6c0faac05b83875b352827429731905d4ae34e86..1114f63e4090dafd3c890863fd6564ca78602837 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -4838,7 +4838,7 @@ http-request strict-mode { on | off }
   rewrites optionnal while others must be performed to continue the request
   processing.
 
-  By default, the strict rewriting mode is disabled. Its value is also reset
+  By default, the strict rewriting mode is enabled. Its value is also reset
   when a ruleset evaluation ends. So, for instance, if you change the mode on
   the frontend, the default mode is restored when HAProxy starts the backend
   rules evaluation.
@@ -5241,7 +5241,7 @@ http-response strict-mode { on | off }
   rewrites optionnal while others must be performed to continue the response
   processing.
 
-  By default, the strict rewriting mode is disabled. Its value is also reset
+  By default, the strict rewriting mode is enabled. Its value is also reset
   when a ruleset evaluation ends. So, for instance, if you change the mode on
   the bacnkend, the default mode is restored when HAProxy starts the frontend
   rules evaluation.

diff --git a/src/http_ana.c b/src/http_ana.c
index fa418bb5d0cea2f1390a6d6a2a342b8d989fddc3..538797feff9d8f08598e607ded84d894a99c7a41 100644 (file)
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -2943,8 +2943,8 @@ static enum rule_result http_req_get_intercept_rule(struct proxy *px, struct lis
        }
        s->current_rule_list = rules;
 
-       /* start the ruleset evaluation in soft mode */
-       txn->req.flags |= HTTP_MSGF_SOFT_RW;
+       /* start the ruleset evaluation in strict mode */
+       txn->req.flags &= ~HTTP_MSGF_SOFT_RW;
 
        list_for_each_entry(rule, rules, list) {
                /* check optional condition */
@@ -3312,9 +3312,9 @@ static enum rule_result http_req_get_intercept_rule(struct proxy *px, struct lis
                        rule_ret = HTTP_RULE_RES_ERROR;
        }
 
-       /* if the ruleset evaluation is finished reset the soft mode */
+       /* if the ruleset evaluation is finished reset the strict mode */
        if (rule_ret != HTTP_RULE_RES_YIELD)
-               txn->req.flags |= HTTP_MSGF_SOFT_RW;
+               txn->req.flags &= ~HTTP_MSGF_SOFT_RW;
 
        /* we reached the end of the rules, nothing to report */
        return rule_ret;
@@ -3356,8 +3356,8 @@ static enum rule_result http_res_get_intercept_rule(struct proxy *px, struct lis
        }
        s->current_rule_list = rules;
 
-       /* start the ruleset evaluation in soft mode */
-       txn->rsp.flags |= HTTP_MSGF_SOFT_RW;
+       /* start the ruleset evaluation in strict mode */
+       txn->rsp.flags &= ~HTTP_MSGF_SOFT_RW;
 
        list_for_each_entry(rule, rules, list) {
                /* check optional condition */
@@ -3681,9 +3681,9 @@ resume_execution:
        }
 
   end:
-       /* if the ruleset evaluation is finished reset the soft mode */
+       /* if the ruleset evaluation is finished reset the strict mode */
        if (rule_ret != HTTP_RULE_RES_YIELD)
-               txn->rsp.flags |= HTTP_MSGF_SOFT_RW;
+               txn->rsp.flags &= ~HTTP_MSGF_SOFT_RW;
 
        /* we reached the end of the rules, nothing to report */
        return rule_ret;
@@ -5568,13 +5568,13 @@ struct http_txn *http_alloc_txn(struct stream *s)
 
 void http_txn_reset_req(struct http_txn *txn)
 {
-       txn->req.flags = HTTP_MSGF_SOFT_RW;
+       txn->req.flags = 0;
        txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
 }
 
 void http_txn_reset_res(struct http_txn *txn)
 {
-       txn->rsp.flags = HTTP_MSGF_SOFT_RW;
+       txn->rsp.flags = 0;
        txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
 }