Currently only http basic auth is supported.
+http_req_first
+ Returns true when the request being processed is the first one of the
+ connection. This can be used to add or remove headers that may be missing
+ from some requests when a request is not the first one, or even to perform
+ some specific ACL checks only on the first request.
+
method <string>
Applies to the method in the HTTP request, eg: "GET". Some predefined ACL
already check for most common methods.
return 1;
}
+/* return a valid test if the current request is the first one on the connection */
+static int
+acl_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, int dir,
+ struct acl_expr *expr, struct acl_test *test)
+{
+ if (!s)
+ return 0;
+
+ if (s->txn.flags & TX_NOT_FIRST)
+ test->flags |= ACL_TEST_F_SET_RES_FAIL;
+ else
+ test->flags |= ACL_TEST_F_SET_RES_PASS;
+
+ return 1;
+}
+
static int
acl_fetch_http_auth(struct proxy *px, struct session *s, void *l7, int dir,
struct acl_expr *expr, struct acl_test *test)
{ "cook_pst", acl_parse_none, acl_fetch_cook, acl_match_pst },
#endif
- { "http_auth", acl_parse_nothing, acl_fetch_http_auth, acl_match_auth },
- { "http_auth_group", acl_parse_strcat, acl_fetch_http_auth, acl_match_auth },
+ { "http_auth", acl_parse_nothing, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_PERMANENT },
+ { "http_auth_group", acl_parse_strcat, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_PERMANENT },
+ { "http_first_req", acl_parse_nothing, acl_fetch_http_first_req, acl_match_nothing, ACL_USE_L7REQ_PERMANENT },
{ NULL, NULL, NULL, NULL },
}};
projects / thirdparty / haproxy.git / commitdiff
