From: Christopher Faulet Date: Wed, 1 Jun 2022 15:42:35 +0000 (+0200) Subject: MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs X-Git-Tag: v2.7-dev1~119 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d649b575192d562fc4cbec008c3a2dfca1ee255e;p=thirdparty%2Fhaproxy.git MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs Rewrite failures in http rules are reported as proxy errors (PRXCOND) in logs. However, other rewrite errors are reported as internal errors. For instance, it happens when we fail to add X-Forwarded-For header. It is not consistent and it is confusing. So now, all rewite failures are reported as proxy errors. This patch may be backported if necessary. --- diff --git a/src/http_ana.c b/src/http_ana.c index df88d3d97d..60a86f9c21 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -418,7 +418,7 @@ int http_process_req_common(struct stream *s, struct channel *req, int an_bit, s ctx.blk = NULL; if (!http_find_header(htx, ist("Early-Data"), &ctx, 0)) { if (unlikely(!http_add_header(htx, ist("Early-Data"), ist("1")))) - goto return_int_err; + goto return_fail_rewrite; } } @@ -564,6 +564,18 @@ int http_process_req_common(struct stream *s, struct channel *req, int an_bit, s _HA_ATOMIC_INC(&sess->listener->counters->denied_req); goto return_prx_err; + return_fail_rewrite: + if (!(s->flags & SF_ERR_MASK)) + s->flags |= SF_ERR_PRXCOND; + _HA_ATOMIC_INC(&sess->fe->fe_counters.failed_rewrites); + if (s->flags & SF_BE_ASSIGNED) + _HA_ATOMIC_INC(&s->be->be_counters.failed_rewrites); + if (sess->listener && sess->listener->counters) + _HA_ATOMIC_INC(&sess->listener->counters->failed_rewrites); + if (objt_server(s->target)) + _HA_ATOMIC_INC(&__objt_server(s->target)->counters.failed_rewrites); + /* fall through */ + return_int_err: txn->status = 500; if (!(s->flags & SF_ERR_MASK)) @@ -654,7 +666,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit) /* send unique ID if a "unique-id-header" is defined */ if (isttest(sess->fe->header_unique_id) && unlikely(!http_add_header(htx, sess->fe->header_unique_id, unique_id))) - goto return_int_err; + goto return_fail_rewrite; } /* @@ -687,7 +699,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit) */ chunk_printf(&trash, "%d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]); if (unlikely(!http_add_header(htx, hdr, ist2(trash.area, trash.data)))) - goto return_int_err; + goto return_fail_rewrite; } } else if (src && src->ss_family == AF_INET6) { @@ -709,7 +721,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit) */ chunk_printf(&trash, "%s", pn); if (unlikely(!http_add_header(htx, hdr, ist2(trash.area, trash.data)))) - goto return_int_err; + goto return_fail_rewrite; } } } @@ -737,7 +749,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit) */ chunk_printf(&trash, "%d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]); if (unlikely(!http_add_header(htx, hdr, ist2(trash.area, trash.data)))) - goto return_int_err; + goto return_fail_rewrite; } } else if (dst && dst->ss_family == AF_INET6) { @@ -759,7 +771,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit) */ chunk_printf(&trash, "%s", pn); if (unlikely(!http_add_header(htx, hdr, ist2(trash.area, trash.data)))) - goto return_int_err; + goto return_fail_rewrite; } } } @@ -804,6 +816,18 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit) DBG_TRACE_LEAVE(STRM_EV_STRM_ANA|STRM_EV_HTTP_ANA, s, txn); return 1; + return_fail_rewrite: + if (!(s->flags & SF_ERR_MASK)) + s->flags |= SF_ERR_PRXCOND; + _HA_ATOMIC_INC(&sess->fe->fe_counters.failed_rewrites); + if (s->flags & SF_BE_ASSIGNED) + _HA_ATOMIC_INC(&s->be->be_counters.failed_rewrites); + if (sess->listener && sess->listener->counters) + _HA_ATOMIC_INC(&sess->listener->counters->failed_rewrites); + if (objt_server(s->target)) + _HA_ATOMIC_INC(&__objt_server(s->target)->counters.failed_rewrites); + /* fall through */ + return_int_err: txn->status = 500; if (!(s->flags & SF_ERR_MASK)) @@ -1938,7 +1962,7 @@ int http_process_res_common(struct stream *s, struct channel *rep, int an_bit, s chunk_appendf(&trash, "; %s", s->be->cookie_attrs); if (unlikely(!http_add_header(htx, ist("Set-Cookie"), ist2(trash.area, trash.data)))) - goto return_int_err; + goto return_fail_rewrite; txn->flags &= ~TX_SCK_MASK; if (__objt_server(s->target)->cookie && (s->flags & SF_DIRECT)) @@ -1957,7 +1981,7 @@ int http_process_res_common(struct stream *s, struct channel *rep, int an_bit, s txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK; if (unlikely(!http_add_header(htx, ist("Cache-control"), ist("private")))) - goto return_int_err; + goto return_fail_rewrite; } } @@ -2027,6 +2051,17 @@ int http_process_res_common(struct stream *s, struct channel *rep, int an_bit, s _HA_ATOMIC_INC(&__objt_server(s->target)->counters.denied_resp); goto return_prx_err; + return_fail_rewrite: + if (!(s->flags & SF_ERR_MASK)) + s->flags |= SF_ERR_PRXCOND; + _HA_ATOMIC_INC(&sess->fe->fe_counters.failed_rewrites); + _HA_ATOMIC_INC(&s->be->be_counters.failed_rewrites); + if (sess->listener && sess->listener->counters) + _HA_ATOMIC_INC(&sess->listener->counters->failed_rewrites); + if (objt_server(s->target)) + _HA_ATOMIC_INC(&__objt_server(s->target)->counters.failed_rewrites); + /* fall through */ + return_int_err: txn->status = 500; if (!(s->flags & SF_ERR_MASK))