From: Willy Tarreau Date: Tue, 16 Sep 2014 14:21:19 +0000 (+0200) Subject: MINOR: config: detect the case where a tcp-request content rule has no inspect-delay X-Git-Tag: v1.6-dev1~308 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e42bd96d0acc38ea7c546c8de8115ffd1dd6c3f3;p=thirdparty%2Fhaproxy.git MINOR: config: detect the case where a tcp-request content rule has no inspect-delay If a frontend has any tcp-request content rule relying on request contents without any inspect delay, we now emit a warning as this will randomly match. This can be backported to 1.5 as it reduces the support effort. --- diff --git a/src/cfgparse.c b/src/cfgparse.c index 106bf7f6d6..133ef601e7 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -7132,6 +7132,29 @@ out_uri_auth_compat: newsrv = newsrv->next; } + /* check if we have a frontend with "tcp-request content" looking at L7 + * with no inspect-delay + */ + if ((curproxy->cap & PR_CAP_FE) && !curproxy->tcp_req.inspect_delay) { + list_for_each_entry(trule, &curproxy->tcp_req.inspect_rules, list) { + if (trule->action == TCP_ACT_CAPTURE && + !(trule->act_prm.cap.expr->fetch->val & SMP_VAL_FE_SES_ACC)) + break; + if ((trule->action >= TCP_ACT_TRK_SC0 && trule->action <= TCP_ACT_TRK_SCMAX) && + !(trule->act_prm.trk_ctr.expr->fetch->val & SMP_VAL_FE_SES_ACC)) + break; + } + + if (&trule->list != &curproxy->tcp_req.inspect_rules) { + Warning("config : %s '%s' : some 'tcp-request content' rules explicitly depending on request" + " contents were found in a frontend without any 'tcp-request inspect-delay' setting." + " This means that these rules will randomly find their contents. This can be fixed by" + " setting the tcp-request inspect-delay.\n", + proxy_type_str(curproxy), curproxy->id); + err_code |= ERR_WARN; + } + } + if (curproxy->cap & PR_CAP_FE) { if (!curproxy->accept) curproxy->accept = frontend_accept;