BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back

http-after-response rules evaluation must be stopped after a "allow". It means the frontend ruleset must not be evaluated if a "allow" was performed in the backend ruleset. Internally, the evaluation must be stopped if on HTTP_RULE_RES_STOP return value. Only the "allow" action is concerned by this change. Thanks to this patch, http-response and http-after-response behave in the same way. This patch should be backported as far as 2.2.
2021-10-15 13:51:34 +02:00 · 2021-10-15 13:51:34 +02:00 · 597909f4e6
parent e20e026033
commit 597909f4e6
2 changed files with 8 additions and 8 deletions
--- a/reg-tests/http-rules/http_after_response.vtc
+++ b/reg-tests/http-rules/http_after_response.vtc
@ -182,11 +182,11 @@ client c4 -connect ${h1_feh1_sock} {
 client c5 -connect ${h1_feh1_sock} {
        txreq -req GET -url /deny-srv
        rxresp
-        expect resp.status == 200
-        expect resp.http.be-sl1 == ""
-        expect resp.http.be-sl2 == ""
-        expect resp.http.be-hdr == ""
-        expect resp.http.fe-sl1-crc == 3104968915
-        expect resp.http.fe-sl2-crc == 561949791
-        expect resp.http.fe-hdr-crc == 623352154
+        expect resp.status == 502
+        expect resp.http.be-sl1 == <undef>
+        expect resp.http.be-sl2 == <undef>
+        expect resp.http.be-hdr == <undef>
+        expect resp.http.sl1 == <undef>
+        expect resp.http.sl2 == <undef>
+        expect resp.http.hdr == <undef>
 } -run
--- a/src/http_ana.c
+++ b/src/http_ana.c
@ -2950,7 +2950,7 @@ int http_eval_after_res_rules(struct stream *s)
 	}

 	ret = http_res_get_intercept_rule(s->be, &s->be->http_after_res_rules, s);
-	if ((ret == HTTP_RULE_RES_CONT || ret == HTTP_RULE_RES_STOP) && sess->fe != s->be)
+	if (ret == HTTP_RULE_RES_CONT && sess->fe != s->be)
 		ret = http_res_get_intercept_rule(sess->fe, &sess->fe->http_after_res_rules, s);

  end: