From 1aea50e1ff886de15948c8fbe91b8c88f89dd83e Mon Sep 17 00:00:00 2001
From: Christopher Faulet
Date: Fri, 17 Jan 2020 16:03:53 +0100
Subject: [PATCH] MEDIUM: http-rules: Enable the strict rewriting mode by default

Now, by default, when a rule performing a rewrite on an HTTP message fails, an internal error is triggered. Before, the failure was ignored. But most of users are not aware of this behavior. And it does not happen very often because the buffer reserve space in large enough. So it may be surprising. Returning an internal error makes the rewrite failure explicit. If it is acceptable to silently ignore it, the strict rewriting mode can be disabled.
---
 doc/configuration.txt | 4 ++--
 src/http_ana.c | 20 ++++++++++----------
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 6c0faac05..1114f63e4 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -4838,7 +4838,7 @@ http-request strict-mode { on | off }
 rewrites optionnal while others must be performed to continue the request processing.
- By default, the strict rewriting mode is disabled. Its value is also reset
+ By default, the strict rewriting mode is enabled. Its value is also reset
 when a ruleset evaluation ends. So, for instance, if you change the mode on the frontend, the default mode is restored when HAProxy starts the backend rules evaluation.
@@ -5241,7 +5241,7 @@ http-response strict-mode { on | off }
 rewrites optionnal while others must be performed to continue the response processing.
- By default, the strict rewriting mode is disabled. Its value is also reset
+ By default, the strict rewriting mode is enabled. Its value is also reset
 when a ruleset evaluation ends. So, for instance, if you change the mode on the bacnkend, the default mode is restored when HAProxy starts the frontend rules evaluation.
diff --git a/src/http_ana.c b/src/http_ana.c
index fa418bb5d..538797fef 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -2943,8 +2943,8 @@ static enum rule_result http_req_get_intercept_rule(struct proxy *px, struct lis
 }
 s->current_rule_list = rules;
- /* start the ruleset evaluation in soft mode */
- txn->req.flags |= HTTP_MSGF_SOFT_RW;
+ /* start the ruleset evaluation in strict mode */
+ txn->req.flags &= ~HTTP_MSGF_SOFT_RW;
 list_for_each_entry(rule, rules, list) {
 /* check optional condition */
@@ -3312,9 +3312,9 @@ static enum rule_result http_req_get_intercept_rule(struct proxy *px, struct lis
 rule_ret = HTTP_RULE_RES_ERROR;
 }
- /* if the ruleset evaluation is finished reset the soft mode */
+ /* if the ruleset evaluation is finished reset the strict mode */
 if (rule_ret != HTTP_RULE_RES_YIELD)
- txn->req.flags |= HTTP_MSGF_SOFT_RW;
+ txn->req.flags &= ~HTTP_MSGF_SOFT_RW;
 /* we reached the end of the rules, nothing to report */
 return rule_ret;
@@ -3356,8 +3356,8 @@ static enum rule_result http_res_get_intercept_rule(struct proxy *px, struct lis
 }
 s->current_rule_list = rules;
- /* start the ruleset evaluation in soft mode */
- txn->rsp.flags |= HTTP_MSGF_SOFT_RW;
+ /* start the ruleset evaluation in strict mode */
+ txn->rsp.flags &= ~HTTP_MSGF_SOFT_RW;
 list_for_each_entry(rule, rules, list) {
 /* check optional condition */
@@ -3681,9 +3681,9 @@ resume_execution:
 }
 end:
- /* if the ruleset evaluation is finished reset the soft mode */
+ /* if the ruleset evaluation is finished reset the strict mode */
 if (rule_ret != HTTP_RULE_RES_YIELD)
- txn->rsp.flags |= HTTP_MSGF_SOFT_RW;
+ txn->rsp.flags &= ~HTTP_MSGF_SOFT_RW;
 /* we reached the end of the rules, nothing to report */
 return rule_ret;
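Review bot: In the `@@ -2943` hunk of http_req_get_intercept_rule (and identically in the `@@ -3356` hunk of http_res_get_intercept_rule), strict mode is now encoded only as the absence of HTTP_MSGF_SOFT_RW, and the new comment does not say what that means for a failed rewrite. The commit message states that a failing rewrite now triggers an internal error instead of being ignored, so I would spell that out where the default is set: `/* start in strict mode (HTTP_MSGF_SOFT_RW cleared): a failed rewrite triggers an internal error */`. This is the fail-closed behaviour operators depend on when a rule strips or overwrites a client-supplied header, so it should be visible to the next reader. The clear sits right after `s->current_rule_list = rules;`, and the code before it, including whatever handles a resumed evaluation, is outside the hunk; it is worth confirming that a resume after a yield does not pass through this line and undo an earlier `strict-mode off`.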
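Review bot: The new comment in the `@@ -3312` hunk (and its twin in `@@ -3681`, after the `end:` label of the response function) says "reset the strict mode", which can be read as switching strict mode off, the opposite of what `&= ~HTTP_MSGF_SOFT_RW` does. I would word it as `/* evaluation finished: restore the default strict mode; keep the current mode across a yield */`. The second half of that wording is inferred from the `rule_ret != HTTP_RULE_RES_YIELD` guard, since the rule loop itself is outside the hunk.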
@@ -5568,13 +5568,13 @@ struct http_txn *http_alloc_txn(struct stream *s)
 void http_txn_reset_req(struct http_txn *txn)
 {
- txn->req.flags = HTTP_MSGF_SOFT_RW;
+ txn->req.flags = 0;
 txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
 }
 void http_txn_reset_res(struct http_txn *txn)
 {
- txn->rsp.flags = HTTP_MSGF_SOFT_RW;
+ txn->rsp.flags = 0;
 txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
 }
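Review bot: `txn->req.flags = 0;` and `txn->rsp.flags = 0;` now carry the strict-mode default implicitly, where the removed lines named HTTP_MSGF_SOFT_RW. After this commit the default is expressed in six places (these two resets and the four `&= ~HTTP_MSGF_SOFT_RW` sites in the ruleset functions), and nothing at the reset sites ties them to the others. A short comment would keep them in step, for example `txn->req.flags = 0; /* strict rewriting mode by default: HTTP_MSGF_SOFT_RW unset */`, and the same on the response side. Both functions are fully visible in the hunk.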