diff --git a/include/haproxy/cfgparse.h b/include/haproxy/cfgparse.h index de23bb7466..7b89b7a1f4 100644 --- a/include/haproxy/cfgparse.h +++ b/include/haproxy/cfgparse.h @@ -131,6 +131,7 @@ void cfg_restore_sections(struct list *backup_sections); int warnif_misplaced_tcp_req_conn(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2); int warnif_misplaced_tcp_req_sess(struct proxy *proxy, const char *file, int line, const char *arg, const char *arg2); int warnif_misplaced_tcp_req_cont(struct proxy *proxy, const char *file, int line, const char *arg, const char *arg2); +int warnif_misplaced_tcp_res_cont(struct proxy *proxy, const char *file, int line, const char *arg, const char *arg2); int warnif_misplaced_quic_init(struct proxy *proxy, const char *file, int line, const char *arg, const char *arg2); int warnif_cond_conflicts(const struct acl_cond *cond, unsigned int where, const char *file, int line); int warnif_tcp_http_cond(const struct proxy *px, const struct acl_cond *cond); diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c index 2357333433..6167f596e5 100644 --- a/src/cfgparse-listen.c +++ b/src/cfgparse-listen.c @@ -132,6 +132,19 @@ static int warnif_rule_after_http_req(struct proxy *proxy, const char *file, int return 0; } +/* Report a warning if a rule is placed after an 'http_response' rule. + * Return 1 if the warning has been emitted, otherwise 0. + */ +static int warnif_rule_after_http_res(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2) +{ + if (!LIST_ISEMPTY(&proxy->http_res_rules)) { + ha_warning("parsing [%s:%d] : a '%s%s%s' rule placed after an 'http-response' rule will still be processed before.\n", + file, line, arg1, (arg2 ? " ": ""), (arg2 ? arg2 : "")); + return 1; + } + return 0; +} + /* Report a warning if a rule is placed after a redirect rule. * Return 1 if the warning has been emitted, otherwise 0. */ @@ -199,6 +212,12 @@ int warnif_misplaced_tcp_req_cont(struct proxy *proxy, const char *file, int lin warnif_misplaced_monitor(proxy, file, line, arg1, arg2); } +/* report a warning if a "tcp response content" rule is dangerously placed */ +int warnif_misplaced_tcp_res_cont(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2) +{ + return warnif_rule_after_http_res(proxy, file, line, arg1, arg2); +} + /* report a warning if a "tcp request session" rule is dangerously placed */ int warnif_misplaced_tcp_req_sess(struct proxy *proxy, const char *file, int line, const char *arg1, const char *arg2) { diff --git a/src/tcp_rules.c b/src/tcp_rules.c index b8848e5250..fcc47b3d12 100644 --- a/src/tcp_rules.c +++ b/src/tcp_rules.c @@ -1200,6 +1200,8 @@ static int tcp_parse_tcp_rep(char **args, int section_type, struct proxy *curpx, warn++; } + /* the following function directly emits the warning */ + warnif_misplaced_tcp_res_cont(curpx, file, line, args[0], args[1]); LIST_APPEND(&curpx->tcp_rep.inspect_rules, &rule->list); } else {