From: Christopher Faulet Date: Fri, 17 Jan 2020 15:03:53 +0000 (+0100) Subject: MEDIUM: http-rules: Enable the strict rewriting mode by default X-Git-Tag: v2.2-dev1~50 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1aea50e1ff886de15948c8fbe91b8c88f89dd83e;p=thirdparty%2Fhaproxy.git MEDIUM: http-rules: Enable the strict rewriting mode by default Now, by default, when a rule performing a rewrite on an HTTP message fails, an internal error is triggered. Before, the failure was ignored. But most of users are not aware of this behavior. And it does not happen very often because the buffer reserve space in large enough. So it may be surprising. Returning an internal error makes the rewrite failure explicit. If it is acceptable to silently ignore it, the strict rewriting mode can be disabled. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 6c0faac05b..1114f63e40 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -4838,7 +4838,7 @@ http-request strict-mode { on | off } rewrites optionnal while others must be performed to continue the request processing. - By default, the strict rewriting mode is disabled. Its value is also reset + By default, the strict rewriting mode is enabled. Its value is also reset when a ruleset evaluation ends. So, for instance, if you change the mode on the frontend, the default mode is restored when HAProxy starts the backend rules evaluation. @@ -5241,7 +5241,7 @@ http-response strict-mode { on | off } rewrites optionnal while others must be performed to continue the response processing. - By default, the strict rewriting mode is disabled. Its value is also reset + By default, the strict rewriting mode is enabled. Its value is also reset when a ruleset evaluation ends. So, for instance, if you change the mode on the bacnkend, the default mode is restored when HAProxy starts the frontend rules evaluation. diff --git a/src/http_ana.c b/src/http_ana.c index fa418bb5d0..538797feff 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -2943,8 +2943,8 @@ static enum rule_result http_req_get_intercept_rule(struct proxy *px, struct lis } s->current_rule_list = rules; - /* start the ruleset evaluation in soft mode */ - txn->req.flags |= HTTP_MSGF_SOFT_RW; + /* start the ruleset evaluation in strict mode */ + txn->req.flags &= ~HTTP_MSGF_SOFT_RW; list_for_each_entry(rule, rules, list) { /* check optional condition */ @@ -3312,9 +3312,9 @@ static enum rule_result http_req_get_intercept_rule(struct proxy *px, struct lis rule_ret = HTTP_RULE_RES_ERROR; } - /* if the ruleset evaluation is finished reset the soft mode */ + /* if the ruleset evaluation is finished reset the strict mode */ if (rule_ret != HTTP_RULE_RES_YIELD) - txn->req.flags |= HTTP_MSGF_SOFT_RW; + txn->req.flags &= ~HTTP_MSGF_SOFT_RW; /* we reached the end of the rules, nothing to report */ return rule_ret; @@ -3356,8 +3356,8 @@ static enum rule_result http_res_get_intercept_rule(struct proxy *px, struct lis } s->current_rule_list = rules; - /* start the ruleset evaluation in soft mode */ - txn->rsp.flags |= HTTP_MSGF_SOFT_RW; + /* start the ruleset evaluation in strict mode */ + txn->rsp.flags &= ~HTTP_MSGF_SOFT_RW; list_for_each_entry(rule, rules, list) { /* check optional condition */ @@ -3681,9 +3681,9 @@ resume_execution: } end: - /* if the ruleset evaluation is finished reset the soft mode */ + /* if the ruleset evaluation is finished reset the strict mode */ if (rule_ret != HTTP_RULE_RES_YIELD) - txn->rsp.flags |= HTTP_MSGF_SOFT_RW; + txn->rsp.flags &= ~HTTP_MSGF_SOFT_RW; /* we reached the end of the rules, nothing to report */ return rule_ret; @@ -5568,13 +5568,13 @@ struct http_txn *http_alloc_txn(struct stream *s) void http_txn_reset_req(struct http_txn *txn) { - txn->req.flags = HTTP_MSGF_SOFT_RW; + txn->req.flags = 0; txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */ } void http_txn_reset_res(struct http_txn *txn) { - txn->rsp.flags = HTTP_MSGF_SOFT_RW; + txn->rsp.flags = 0; txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */ }