MEDIUM: http-rules: Enable the strict rewriting mode by default

Now, by default, when a rule performing a rewrite on an HTTP message fails, an internal error is triggered. Before, the failure was ignored. But most of users are not aware of this behavior. And it does not happen very often because the buffer reserve space in large enough. So it may be surprising. Returning an internal error makes the rewrite failure explicit. If it is acceptable to silently ignore it, the strict rewriting mode can be disabled.
2025-03-30 23:26:46 +00:00 · 2020-01-17 16:03:53 +01:00 · 2020-01-17 16:03:53 +01:00 · 1aea50e1ff
commit 1aea50e1ff
parent 46f95543c5
2 changed files with 12 additions and 12 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -4838,7 +4838,7 @@ http-request strict-mode { on | off }
  rewrites optionnal while others must be performed to continue the request
  processing.

-  By default, the strict rewriting mode is disabled. Its value is also reset
+  By default, the strict rewriting mode is enabled. Its value is also reset
  when a ruleset evaluation ends. So, for instance, if you change the mode on
  the frontend, the default mode is restored when HAProxy starts the backend
  rules evaluation.
@ -5241,7 +5241,7 @@ http-response strict-mode { on | off }
  rewrites optionnal while others must be performed to continue the response
  processing.

-  By default, the strict rewriting mode is disabled. Its value is also reset
+  By default, the strict rewriting mode is enabled. Its value is also reset
  when a ruleset evaluation ends. So, for instance, if you change the mode on
  the bacnkend, the default mode is restored when HAProxy starts the frontend
  rules evaluation.
--- a/src/http_ana.c
+++ b/src/http_ana.c
@ -2943,8 +2943,8 @@ static enum rule_result http_req_get_intercept_rule(struct proxy *px, struct lis
 	}
 	s->current_rule_list = rules;

-	/* start the ruleset evaluation in soft mode */
-	txn->req.flags |= HTTP_MSGF_SOFT_RW;
+	/* start the ruleset evaluation in strict mode */
+	txn->req.flags &= ~HTTP_MSGF_SOFT_RW;

 	list_for_each_entry(rule, rules, list) {
 		/* check optional condition */
@ -3312,9 +3312,9 @@ static enum rule_result http_req_get_intercept_rule(struct proxy *px, struct lis
 			rule_ret = HTTP_RULE_RES_ERROR;
 	}

-	/* if the ruleset evaluation is finished reset the soft mode */
+	/* if the ruleset evaluation is finished reset the strict mode */
 	if (rule_ret != HTTP_RULE_RES_YIELD)
-		txn->req.flags |= HTTP_MSGF_SOFT_RW;
+		txn->req.flags &= ~HTTP_MSGF_SOFT_RW;

 	/* we reached the end of the rules, nothing to report */
 	return rule_ret;
@ -3356,8 +3356,8 @@ static enum rule_result http_res_get_intercept_rule(struct proxy *px, struct lis
 	}
 	s->current_rule_list = rules;

-	/* start the ruleset evaluation in soft mode */
-	txn->rsp.flags |= HTTP_MSGF_SOFT_RW;
+	/* start the ruleset evaluation in strict mode */
+	txn->rsp.flags &= ~HTTP_MSGF_SOFT_RW;

 	list_for_each_entry(rule, rules, list) {
 		/* check optional condition */
@ -3681,9 +3681,9 @@ resume_execution:
 	}

  end:
-	/* if the ruleset evaluation is finished reset the soft mode */
+	/* if the ruleset evaluation is finished reset the strict mode */
 	if (rule_ret != HTTP_RULE_RES_YIELD)
-		txn->rsp.flags |= HTTP_MSGF_SOFT_RW;
+		txn->rsp.flags &= ~HTTP_MSGF_SOFT_RW;

 	/* we reached the end of the rules, nothing to report */
 	return rule_ret;
@ -5568,13 +5568,13 @@ struct http_txn *http_alloc_txn(struct stream *s)

 void http_txn_reset_req(struct http_txn *txn)
 {
-	txn->req.flags = HTTP_MSGF_SOFT_RW;
+	txn->req.flags = 0;
 	txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
 }

 void http_txn_reset_res(struct http_txn *txn)
 {
-	txn->rsp.flags = HTTP_MSGF_SOFT_RW;
+	txn->rsp.flags = 0;
 	txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
 }