Similar to the stats socket bug, we must check that the proxy is not disabled
before trying to enable/disable a server.
Even if a disabled proxy is not displayed, someone can inject a faulty proxy
name in the POST parameters. So, we must ensure that no disabled proxy can be
used.
if (backend && action && get_backend_server(backend, value, &px, &sv)) {
switch (action) {
case 1:
- if (! (sv->state & SRV_MAINTAIN)) {
+ if ((px->state != PR_STSTOPPED) && !(sv->state & SRV_MAINTAIN)) {
/* Not already in maintenance, we can change the server state */
sv->state |= SRV_MAINTAIN;
set_server_down(sv);
}
break;
case 2:
- if ((sv->state & SRV_MAINTAIN)) {
+ if ((px->state != PR_STSTOPPED) && (sv->state & SRV_MAINTAIN)) {
/* Already in maintenance, we can change the server state */
set_server_up(sv);
sv->health = sv->rise; /* up, but will fall down at first failure */
projects / thirdparty / haproxy.git / commitdiff
