From: Willy Tarreau Date: Fri, 22 Oct 2010 18:04:13 +0000 (+0200) Subject: [MINOR] acl: add the http_req_first match X-Git-Tag: v1.5-dev8~430 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f18e52b13272fd7c9747c6468bfd6bda65945d2;p=thirdparty%2Fhaproxy.git [MINOR] acl: add the http_req_first match This match returns true when the request calling it is the first one of a connection. (cherry picked from commit 922ca979c50653c415852531f36fe409190ad76b) --- diff --git a/doc/configuration.txt b/doc/configuration.txt index d96a4981aa..d7f81f4e90 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -7202,6 +7202,12 @@ http_auth_group(userlist) []* Currently only http basic auth is supported. +http_req_first + Returns true when the request being processed is the first one of the + connection. This can be used to add or remove headers that may be missing + from some requests when a request is not the first one, or even to perform + some specific ACL checks only on the first request. + method Applies to the method in the HTTP request, eg: "GET". Some predefined ACL already check for most common methods. diff --git a/src/proto_http.c b/src/proto_http.c index 3003e5d09f..3a2be18f75 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -7968,6 +7968,22 @@ acl_fetch_proto_http(struct proxy *px, struct session *s, void *l7, int dir, return 1; } +/* return a valid test if the current request is the first one on the connection */ +static int +acl_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, int dir, + struct acl_expr *expr, struct acl_test *test) +{ + if (!s) + return 0; + + if (s->txn.flags & TX_NOT_FIRST) + test->flags |= ACL_TEST_F_SET_RES_FAIL; + else + test->flags |= ACL_TEST_F_SET_RES_PASS; + + return 1; +} + static int acl_fetch_http_auth(struct proxy *px, struct session *s, void *l7, int dir, struct acl_expr *expr, struct acl_test *test) @@ -8061,8 +8077,9 @@ static struct acl_kw_list acl_kws = {{ },{ { "cook_pst", acl_parse_none, acl_fetch_cook, acl_match_pst }, #endif - { "http_auth", acl_parse_nothing, acl_fetch_http_auth, acl_match_auth }, - { "http_auth_group", acl_parse_strcat, acl_fetch_http_auth, acl_match_auth }, + { "http_auth", acl_parse_nothing, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_PERMANENT }, + { "http_auth_group", acl_parse_strcat, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_PERMANENT }, + { "http_first_req", acl_parse_nothing, acl_fetch_http_first_req, acl_match_nothing, ACL_USE_L7REQ_PERMANENT }, { NULL, NULL, NULL, NULL }, }};