upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-03 20:39:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
haproxy/src/http_rules.c

554 lines
16 KiB
C
Raw Permalink Normal View History

REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
/*
* HTTP rules parsing and registration
*
* Copyright 2000-2018 Willy Tarreau <w@1wt.eu>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
#include <sys/types.h>
#include <ctype.h>
#include <string.h>
#include <time.h>
REORG: include: move acl.h to haproxy/acl.h{,-t}.h The files were moved almost as-is, just dropping arg-t and auth-t from acl-t but keeping arg-t in acl.h. It was useful to revisit the call places since a handful of files used to continue to include acl.h while they did not need it at all. Struct stream was only made a forward declaration since not otherwise needed.
2020-06-04 13:11:43 -04:00
#include <haproxy/acl.h>
REORG: include: move action.h to haproxy/action{,-t}.h List.h was missing for LIST_ADDQ(). A few unneeded includes of action.h were removed from certain files. This one still relies on applet.h and stick-table.h.
2020-06-04 04:15:32 -04:00
#include <haproxy/action.h>
REORG: include: update all files to use haproxy/api.h or api-t.h if needed All files that were including one of the following include files have been updated to only include haproxy/api.h or haproxy/api-t.h once instead: - common/config.h - common/compat.h - common/compiler.h - common/defaults.h - common/initcall.h - common/tools.h The choice is simple: if the file only requires type definitions, it includes api-t.h, otherwise it includes the full api.h. In addition, in these files, explicit includes for inttypes.h and limits.h were dropped since these are now covered by api.h and api-t.h. No other change was performed, given that this patch is large and affects 201 files. At least one (tools.h) was already freestanding and didn't get the new one added.
2020-05-27 06:58:42 -04:00
#include <haproxy/api.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/arg.h>
#include <haproxy/capture-t.h>
REORG: include: move cfgparse.h to haproxy/cfgparse.h There's no point splitting the file in two since only cfgparse uses the types defined there. A few call places were updated and cleaned up. All of them were in C files which register keywords. There is nothing left in common/ now so this directory must not be used anymore.
2020-06-04 18:00:29 -04:00
#include <haproxy/cfgparse.h>
REORG: include: move common/chunk.h to haproxy/chunk.h No change was necessary, it was already properly split.
2020-06-02 04:22:45 -04:00
#include <haproxy/chunk.h>
REORG: include: move stream.h to haproxy/stream{,-t}.h This one was not easy because it was embarking many includes with it, which other files would automatically find. At least global.h, arg.h and tools.h were identified. 93 total locations were identified, 8 additional includes had to be added. In the rare files where it was possible to finalize the sorting of includes by adjusting only one or two extra lines, it was done. But all files would need to be rechecked and cleaned up now. It was the last set of files in types/ and proto/ and these directories must not be reused anymore.
2020-06-04 17:46:14 -04:00
#include <haproxy/global.h>
REORG: include: split common/http.h into haproxy/http{,-t}.h So the enums and structs were placed into http-t.h and the functions into http.h. This revealed that several files were dependeng on http.h but not including it, as it was silently inherited via other files.
2020-06-02 13:11:26 -04:00
#include <haproxy/http.h>
BUILD: http_rules: requires http_ana-t.h for REDIRECT_* It used to inherit it through other includes.
2021-10-06 10:38:53 -04:00
#include <haproxy/http_ana-t.h>
REORG: include: move http_rules.h to haproxy/http_rules.h There was no include file. This one still includes types/proxy.h.
2020-06-04 05:40:28 -04:00
#include <haproxy/http_rules.h>
REORG: include: move the error reporting functions to from log.h to errors.h Most of the files dealing with error reports have to include log.h in order to access ha_alert(), ha_warning() etc. But while these functions don't depend on anything, log.h depends on a lot of stuff because it deals with log-formats and samples. As a result it's impossible not to embark long dependencies when using ha_warning() or qfprintf(). This patch moves these low-level functions to errors.h, which already defines the error codes used at the same places. About half of the users of log.h could be adjusted, sometimes revealing other issues such as missing tools.h. Interestingly the total preprocessed size shrunk by 4%.
2020-06-05 11:27:29 -04:00
#include <haproxy/log.h>
REORG: include: move common/memory.h to haproxy/pool.h Now the file is ready to be stored into its final destination. A few minor reorderings were performed to keep the file properly organized, making the various sections more visible (cache & lockless). In addition and to stay consistent, memory.c was renamed to pool.c.
2020-06-02 03:38:52 -04:00
#include <haproxy/pool.h>
BUILD: http-rules: include proxy.h from http_rules.c Many proxy functions are called there but the include was missing and inherited via cfgparse.h.
2021-05-08 14:30:37 -04:00
#include <haproxy/proxy.h>
CLEANUP: include: tree-wide alphabetical sort of include files This patch fixes all the leftovers from the include cleanup campaign. There were not that many (~400 entries in ~150 files) but it was definitely worth doing it as it revealed a few duplicates.
2020-06-09 03:07:15 -04:00
#include <haproxy/sample.h>
REORG: tools: split common/standard.h into haproxy/tools{,-t}.h And also rename standard.c to tools.c. The original split between tools.h and standard.h dates from version 1.3-dev and was mostly an accident. This patch moves the files back to what they were expected to be, and takes care of not changing anything else. However this time tools.h was split between functions and types, because it contains a small number of commonly used macros and structures (e.g. name_desc) which in turn cause the massive list of includes of tools.h to conflict with the callers. They remain the ugliest files of the whole project and definitely need to be cleaned and split apart. A few types are defined there only for functions provided there, and some parts are even OS-specific and should move somewhere else, such as the symbol resolution code.
2020-06-03 12:09:46 -04:00
#include <haproxy/tools.h>
REORG: include: move version.h to haproxy/ Few files were affected. The release scripts was updated.
2020-05-27 09:59:00 -04:00
#include <haproxy/version.h>
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
/* List head of all known action keywords for "http-request" */
struct action_kw_list http_req_keywords = {
.list = LIST_HEAD_INIT(http_req_keywords.list)
};
/* List head of all known action keywords for "http-response" */
struct action_kw_list http_res_keywords = {
.list = LIST_HEAD_INIT(http_res_keywords.list)
};
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
/* List head of all known action keywords for "http-after-response" */
struct action_kw_list http_after_res_keywords = {
.list = LIST_HEAD_INIT(http_after_res_keywords.list)
};
BUILD: http_rules: do not declare http_*_keywords_registre() inline The 3 functions http_{req,res,after_res}_keywords_register() are referenced in initcalls by their pointer, it makes no sense to declare them inline. At best it causes function duplication, at worst it doesn't build on older compilers.
2022-03-02 08:50:38 -05:00
void http_req_keywords_register(struct action_kw_list *kw_list)
{
LIST_APPEND(&http_req_keywords.list, &kw_list->list);
}
void http_res_keywords_register(struct action_kw_list *kw_list)
{
LIST_APPEND(&http_res_keywords.list, &kw_list->list);
}
void http_after_res_keywords_register(struct action_kw_list *kw_list)
{
LIST_APPEND(&http_after_res_keywords.list, &kw_list->list);
}
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
/*
* Return the struct http_req_action_kw associated to a keyword.
*/
MINOR: actions: Export actions lookup functions These functions will be useful to check if a keyword is already registered. This will be needed by a next patch to fix a bug, and will need to be backported.
2020-11-28 11:40:24 -05:00
struct action_kw *action_http_req_custom(const char *kw)
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
{
return action_lookup(&http_req_keywords.list, kw);
}
/*
* Return the struct http_res_action_kw associated to a keyword.
*/
MINOR: actions: Export actions lookup functions These functions will be useful to check if a keyword is already registered. This will be needed by a next patch to fix a bug, and will need to be backported.
2020-11-28 11:40:24 -05:00
struct action_kw *action_http_res_custom(const char *kw)
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
{
return action_lookup(&http_res_keywords.list, kw);
}
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
/*
* Return the struct http_after_res_action_kw associated to a keyword.
*/
MINOR: actions: Export actions lookup functions These functions will be useful to check if a keyword is already registered. This will be needed by a next patch to fix a bug, and will need to be backported.
2020-11-28 11:40:24 -05:00
struct action_kw *action_http_after_res_custom(const char *kw)
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
{
return action_lookup(&http_after_res_keywords.list, kw);
}
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
/* parse an "http-request" rule */
struct act_rule *parse_http_req_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
{
struct act_rule *rule;
MINOR: http-rules: suggest approaching action names on mismatch This adds support for action_suggest() in http-request, http-response and http-after-response rulesets. For example: parsing [/dev/stdin:2]: 'http-request' expects (...), but got 'del-hdr'. Did you mean 'del-header' maybe ?
2021-03-12 06:01:34 -05:00
const struct action_kw *custom = NULL;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
int cur_arg;
MINOR: rules: add a new function new_act_rule() to allocate act_rules Rules are currently allocated using calloc() by their caller, which does not make it very convenient to pass more information such as the file name and line number. This patch introduces new_act_rule() which performs the malloc() and already takes in argument the ruleset (ACT_F_*), the file name and the line number. This saves the caller from having to assing ->from, and will allow to improve the internal storage with more info.
2021-10-11 02:49:26 -04:00
rule = new_act_rule(ACT_F_HTTP_REQ, file, linenum);
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
if (!rule) {
ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
BUG/MINOR: http-rules: Don't free new rule on allocation failure If allocation of a new HTTP rule fails, we must not release it calling free_act_rule(). The regression was introduced by the commit dd7e6c6dc ("BUG/MINOR: http-rules: completely free incorrect TCP rules on error"). This patch must only be backported if the commit above is backported. It should fix the issues #1627, #1628 and #1629.
2022-03-21 03:21:19 -04:00
goto out;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
}
MEDIUM: http-rules: Register an action keyword for all http rules There are many specific http actions that don't use the action registration mechanism (allow, deny, set-header...). Instead, the parsing of these actions is inlined in the functions responsible to parse the http-request/http-response rules. There is no reason to not register an action keyword for all these actions. It it the purpose of this patch. The new functions responsible to parse these http actions are defined in http_act.c
2019-12-12 10:40:30 -05:00
if (((custom = action_http_req_custom(args[0])) != NULL)) {
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
char *errmsg = NULL;
cur_arg = 1;
/* try in the module list */
rule->kw = custom;
MINOR: action: implement experimental actions Support experimental actions. It is mandatory to use 'expose-experimental-directives' before to be able to use them. If such action is present in the config file, the tainted status of the process is updated. Another tainted status is set when an experimental action is executed.
2021-05-07 08:25:01 -04:00
if (custom->flags & KWF_EXPERIMENTAL) {
if (!experimental_directives_allowed) {
ha_alert("parsing [%s:%d] : '%s' action is experimental, must be allowed via a global 'expose-experimental-directives'\n",
file, linenum, custom->kw);
goto out_err;
}
mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
}
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
if (custom->parse(args, &cur_arg, proxy, rule, &errmsg) == ACT_RET_PRS_ERR) {
ha_alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-request %s' rule : %s.\n",
file, linenum, proxy_type_str(proxy), proxy->id, args[0], errmsg);
free(errmsg);
goto out_err;
}
MEDIUM: http-rules: Register an action keyword for all http rules There are many specific http actions that don't use the action registration mechanism (allow, deny, set-header...). Instead, the parsing of these actions is inlined in the functions responsible to parse the http-request/http-response rules. There is no reason to not register an action keyword for all these actions. It it the purpose of this patch. The new functions responsible to parse these http actions are defined in http_act.c
2019-12-12 10:40:30 -05:00
else if (errmsg) {
ha_warning("parsing [%s:%d] : %s.\n", file, linenum, errmsg);
free(errmsg);
}
}
else {
MINOR: http-rules: suggest approaching action names on mismatch This adds support for action_suggest() in http-request, http-response and http-after-response rulesets. For example: parsing [/dev/stdin:2]: 'http-request' expects (...), but got 'del-hdr'. Did you mean 'del-header' maybe ?
2021-03-12 06:01:34 -05:00
const char *best = action_suggest(args[0], &http_req_keywords.list, NULL);
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
action_build_list(&http_req_keywords.list, &trash);
MINOR: http-rules: suggest approaching action names on mismatch This adds support for action_suggest() in http-request, http-response and http-after-response rulesets. For example: parsing [/dev/stdin:2]: 'http-request' expects (...), but got 'del-hdr'. Did you mean 'del-header' maybe ?
2021-03-12 06:01:34 -05:00
ha_alert("parsing [%s:%d]: 'http-request' expects %s, but got '%s'%s.%s%s%s\n",
file, linenum, trash.area,
args[0], *args[0] ? "" : " (missing argument)",
best ? " Did you mean '" : "",
best ? best : "",
best ? "' maybe ?" : "");
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
goto out_err;
}
if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
struct acl_cond *cond;
char *errmsg = NULL;
if ((cond = build_acl_cond(file, linenum, &proxy->acl, proxy, args+cur_arg, &errmsg)) == NULL) {
ha_alert("parsing [%s:%d] : error detected while parsing an 'http-request %s' condition : %s.\n",
file, linenum, args[0], errmsg);
free(errmsg);
goto out_err;
}
rule->cond = cond;
}
else if (*args[cur_arg]) {
MEDIUM: http-rules: Register an action keyword for all http rules There are many specific http actions that don't use the action registration mechanism (allow, deny, set-header...). Instead, the parsing of these actions is inlined in the functions responsible to parse the http-request/http-response rules. There is no reason to not register an action keyword for all these actions. It it the purpose of this patch. The new functions responsible to parse these http actions are defined in http_act.c
2019-12-12 10:40:30 -05:00
ha_alert("parsing [%s:%d]: 'http-request %s' expects"
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
" either 'if' or 'unless' followed by a condition but found '%s'.\n",
file, linenum, args[0], args[cur_arg]);
goto out_err;
}
return rule;
out_err:
BUG/MINOR: http-rules: completely free incorrect TCP rules on error When a http-request or http-response rule fails to parse, we currently free only the rule without its contents, which makes ASAN complain. Now that we have a new function for this, let's completely free the rule. This relies on this commit: MINOR: actions: add new function free_act_rule() to free a single rule It's probably not needed to backport this since we're on the exit path anyway.
2022-03-17 15:29:06 -04:00
free_act_rule(rule);
BUG/MINOR: http-rules: Don't free new rule on allocation failure If allocation of a new HTTP rule fails, we must not release it calling free_act_rule(). The regression was introduced by the commit dd7e6c6dc ("BUG/MINOR: http-rules: completely free incorrect TCP rules on error"). This patch must only be backported if the commit above is backported. It should fix the issues #1627, #1628 and #1629.
2022-03-21 03:21:19 -04:00
out:
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
return NULL;
}
/* parse an "http-respose" rule */
struct act_rule *parse_http_res_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
{
struct act_rule *rule;
MINOR: http-rules: suggest approaching action names on mismatch This adds support for action_suggest() in http-request, http-response and http-after-response rulesets. For example: parsing [/dev/stdin:2]: 'http-request' expects (...), but got 'del-hdr'. Did you mean 'del-header' maybe ?
2021-03-12 06:01:34 -05:00
const struct action_kw *custom = NULL;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
int cur_arg;
MINOR: rules: add a new function new_act_rule() to allocate act_rules Rules are currently allocated using calloc() by their caller, which does not make it very convenient to pass more information such as the file name and line number. This patch introduces new_act_rule() which performs the malloc() and already takes in argument the ruleset (ACT_F_*), the file name and the line number. This saves the caller from having to assing ->from, and will allow to improve the internal storage with more info.
2021-10-11 02:49:26 -04:00
rule = new_act_rule(ACT_F_HTTP_RES, file, linenum);
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
if (!rule) {
ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
BUG/MINOR: http-rules: Don't free new rule on allocation failure If allocation of a new HTTP rule fails, we must not release it calling free_act_rule(). The regression was introduced by the commit dd7e6c6dc ("BUG/MINOR: http-rules: completely free incorrect TCP rules on error"). This patch must only be backported if the commit above is backported. It should fix the issues #1627, #1628 and #1629.
2022-03-21 03:21:19 -04:00
goto out;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
}
MEDIUM: http-rules: Register an action keyword for all http rules There are many specific http actions that don't use the action registration mechanism (allow, deny, set-header...). Instead, the parsing of these actions is inlined in the functions responsible to parse the http-request/http-response rules. There is no reason to not register an action keyword for all these actions. It it the purpose of this patch. The new functions responsible to parse these http actions are defined in http_act.c
2019-12-12 10:40:30 -05:00
if (((custom = action_http_res_custom(args[0])) != NULL)) {
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
char *errmsg = NULL;
cur_arg = 1;
/* try in the module list */
rule->kw = custom;
MINOR: action: implement experimental actions Support experimental actions. It is mandatory to use 'expose-experimental-directives' before to be able to use them. If such action is present in the config file, the tainted status of the process is updated. Another tainted status is set when an experimental action is executed.
2021-05-07 08:25:01 -04:00
if (custom->flags & KWF_EXPERIMENTAL) {
if (!experimental_directives_allowed) {
ha_alert("parsing [%s:%d] : '%s' action is experimental, must be allowed via a global 'expose-experimental-directives'\n",
file, linenum, custom->kw);
goto out_err;
}
mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
}
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
if (custom->parse(args, &cur_arg, proxy, rule, &errmsg) == ACT_RET_PRS_ERR) {
ha_alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-response %s' rule : %s.\n",
file, linenum, proxy_type_str(proxy), proxy->id, args[0], errmsg);
free(errmsg);
goto out_err;
}
MEDIUM: http-rules: Register an action keyword for all http rules There are many specific http actions that don't use the action registration mechanism (allow, deny, set-header...). Instead, the parsing of these actions is inlined in the functions responsible to parse the http-request/http-response rules. There is no reason to not register an action keyword for all these actions. It it the purpose of this patch. The new functions responsible to parse these http actions are defined in http_act.c
2019-12-12 10:40:30 -05:00
else if (errmsg) {
ha_warning("parsing [%s:%d] : %s.\n", file, linenum, errmsg);
free(errmsg);
}
}
else {
MINOR: http-rules: suggest approaching action names on mismatch This adds support for action_suggest() in http-request, http-response and http-after-response rulesets. For example: parsing [/dev/stdin:2]: 'http-request' expects (...), but got 'del-hdr'. Did you mean 'del-header' maybe ?
2021-03-12 06:01:34 -05:00
const char *best = action_suggest(args[0], &http_res_keywords.list, NULL);
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
action_build_list(&http_res_keywords.list, &trash);
MINOR: http-rules: suggest approaching action names on mismatch This adds support for action_suggest() in http-request, http-response and http-after-response rulesets. For example: parsing [/dev/stdin:2]: 'http-request' expects (...), but got 'del-hdr'. Did you mean 'del-header' maybe ?
2021-03-12 06:01:34 -05:00
ha_alert("parsing [%s:%d]: 'http-response' expects %s, but got '%s'%s.%s%s%s\n",
file, linenum, trash.area,
args[0], *args[0] ? "" : " (missing argument)",
best ? " Did you mean '" : "",
best ? best : "",
best ? "' maybe ?" : "");
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
goto out_err;
}
if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
struct acl_cond *cond;
char *errmsg = NULL;
if ((cond = build_acl_cond(file, linenum, &proxy->acl, proxy, args+cur_arg, &errmsg)) == NULL) {
ha_alert("parsing [%s:%d] : error detected while parsing an 'http-response %s' condition : %s.\n",
file, linenum, args[0], errmsg);
free(errmsg);
goto out_err;
}
rule->cond = cond;
}
else if (*args[cur_arg]) {
ha_alert("parsing [%s:%d]: 'http-response %s' expects"
" either 'if' or 'unless' followed by a condition but found '%s'.\n",
file, linenum, args[0], args[cur_arg]);
goto out_err;
}
return rule;
out_err:
BUG/MINOR: http-rules: completely free incorrect TCP rules on error When a http-request or http-response rule fails to parse, we currently free only the rule without its contents, which makes ASAN complain. Now that we have a new function for this, let's completely free the rule. This relies on this commit: MINOR: actions: add new function free_act_rule() to free a single rule It's probably not needed to backport this since we're on the exit path anyway.
2022-03-17 15:29:06 -04:00
free_act_rule(rule);
BUG/MINOR: http-rules: Don't free new rule on allocation failure If allocation of a new HTTP rule fails, we must not release it calling free_act_rule(). The regression was introduced by the commit dd7e6c6dc ("BUG/MINOR: http-rules: completely free incorrect TCP rules on error"). This patch must only be backported if the commit above is backported. It should fix the issues #1627, #1628 and #1629.
2022-03-21 03:21:19 -04:00
out:
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
return NULL;
}
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
/* parse an "http-after-response" rule */
struct act_rule *parse_http_after_res_cond(const char **args, const char *file, int linenum, struct proxy *proxy)
{
struct act_rule *rule;
MINOR: http-rules: suggest approaching action names on mismatch This adds support for action_suggest() in http-request, http-response and http-after-response rulesets. For example: parsing [/dev/stdin:2]: 'http-request' expects (...), but got 'del-hdr'. Did you mean 'del-header' maybe ?
2021-03-12 06:01:34 -05:00
const struct action_kw *custom = NULL;
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
int cur_arg;
MINOR: rules: add a new function new_act_rule() to allocate act_rules Rules are currently allocated using calloc() by their caller, which does not make it very convenient to pass more information such as the file name and line number. This patch introduces new_act_rule() which performs the malloc() and already takes in argument the ruleset (ACT_F_*), the file name and the line number. This saves the caller from having to assing ->from, and will allow to improve the internal storage with more info.
2021-10-11 02:49:26 -04:00
rule = new_act_rule(ACT_F_HTTP_RES, file, linenum);
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
if (!rule) {
ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
BUG/MINOR: http-rules: Don't free new rule on allocation failure If allocation of a new HTTP rule fails, we must not release it calling free_act_rule(). The regression was introduced by the commit dd7e6c6dc ("BUG/MINOR: http-rules: completely free incorrect TCP rules on error"). This patch must only be backported if the commit above is backported. It should fix the issues #1627, #1628 and #1629.
2022-03-21 03:21:19 -04:00
goto out;
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
}
if (((custom = action_http_after_res_custom(args[0])) != NULL)) {
char *errmsg = NULL;
cur_arg = 1;
/* try in the module list */
rule->kw = custom;
if (custom->parse(args, &cur_arg, proxy, rule, &errmsg) == ACT_RET_PRS_ERR) {
ha_alert("parsing [%s:%d] : error detected in %s '%s' while parsing 'http-after-response %s' rule : %s.\n",
file, linenum, proxy_type_str(proxy), proxy->id, args[0], errmsg);
free(errmsg);
goto out_err;
}
else if (errmsg) {
ha_warning("parsing [%s:%d] : %s.\n", file, linenum, errmsg);
free(errmsg);
}
}
else {
MINOR: http-rules: suggest approaching action names on mismatch This adds support for action_suggest() in http-request, http-response and http-after-response rulesets. For example: parsing [/dev/stdin:2]: 'http-request' expects (...), but got 'del-hdr'. Did you mean 'del-header' maybe ?
2021-03-12 06:01:34 -05:00
const char *best = action_suggest(args[0], &http_after_res_keywords.list, NULL);
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
action_build_list(&http_after_res_keywords.list, &trash);
MINOR: http-rules: suggest approaching action names on mismatch This adds support for action_suggest() in http-request, http-response and http-after-response rulesets. For example: parsing [/dev/stdin:2]: 'http-request' expects (...), but got 'del-hdr'. Did you mean 'del-header' maybe ?
2021-03-12 06:01:34 -05:00
ha_alert("parsing [%s:%d]: 'http-after-response' expects %s, but got '%s'%s.%s%s%s\n",
file, linenum, trash.area,
args[0], *args[0] ? "" : " (missing argument)",
best ? " Did you mean '" : "",
best ? best : "",
best ? "' maybe ?" : "");
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
goto out_err;
}
if (strcmp(args[cur_arg], "if") == 0 || strcmp(args[cur_arg], "unless") == 0) {
struct acl_cond *cond;
char *errmsg = NULL;
if ((cond = build_acl_cond(file, linenum, &proxy->acl, proxy, args+cur_arg, &errmsg)) == NULL) {
ha_alert("parsing [%s:%d] : error detected while parsing an 'http-after-response %s' condition : %s.\n",
file, linenum, args[0], errmsg);
free(errmsg);
goto out_err;
}
rule->cond = cond;
}
else if (*args[cur_arg]) {
ha_alert("parsing [%s:%d]: 'http-after-response %s' expects"
" either 'if' or 'unless' followed by a condition but found '%s'.\n",
file, linenum, args[0], args[cur_arg]);
goto out_err;
}
return rule;
out_err:
BUG/MINOR: http-rules: completely free incorrect TCP rules on error When a http-request or http-response rule fails to parse, we currently free only the rule without its contents, which makes ASAN complain. Now that we have a new function for this, let's completely free the rule. This relies on this commit: MINOR: actions: add new function free_act_rule() to free a single rule It's probably not needed to backport this since we're on the exit path anyway.
2022-03-17 15:29:06 -04:00
free_act_rule(rule);
BUG/MINOR: http-rules: Don't free new rule on allocation failure If allocation of a new HTTP rule fails, we must not release it calling free_act_rule(). The regression was introduced by the commit dd7e6c6dc ("BUG/MINOR: http-rules: completely free incorrect TCP rules on error"). This patch must only be backported if the commit above is backported. It should fix the issues #1627, #1628 and #1629.
2022-03-21 03:21:19 -04:00
out:
MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding This patch introduces the 'http-after-response' rules. These rules are evaluated at the end of the response analysis, just before the data forwarding, on ALL HTTP responses, the server ones but also all responses generated by HAProxy. Thanks to this ruleset, it is now possible for instance to add some headers to the responses generated by the stats applet. Following actions are supported : * allow * add-header * del-header * replace-header * replace-value * set-header * set-status * set-var * strict-mode * unset-var
2020-01-22 03:26:35 -05:00
return NULL;
}
MINOR: proxy: add http_free_redirect_rule() function Adding http_free_redirect_rule() function to free a single redirect rule since it may be required to free rules outside of free_proxy() function. This patch is required for an upcoming bugfix. [for 2.2, free_proxy function did not exist (first seen in 2.4), thus http_free_redirect_rule() needs to be deducted from haproxy.c deinit() function if the patch is required]
2023-05-11 04:30:27 -04:00
/* completely free redirect rule */
void http_free_redirect_rule(struct redirect_rule *rdr)
{
MINOR: tree-wide: use free_acl_cond() where relevant Now that we have free_acl_cond(cond) function that does cond prune then frees cond, replace all occurences of this pattern: | prune_acl_cond(cond) | free(cond) with: | free_acl_cond(cond)
2023-05-11 06:29:51 -04:00
free_acl_cond(rdr->cond);
MINOR: proxy: add http_free_redirect_rule() function Adding http_free_redirect_rule() function to free a single redirect rule since it may be required to free rules outside of free_proxy() function. This patch is required for an upcoming bugfix. [for 2.2, free_proxy function did not exist (first seen in 2.4), thus http_free_redirect_rule() needs to be deducted from haproxy.c deinit() function if the patch is required]
2023-05-11 04:30:27 -04:00
free(rdr->rdr_str);
MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules It is now possible to use a log-format string to define the "Set-Cookie" header value of a response generated by a redirect rule. There is no special check on the result format and it is not possible during the configuration parsing. It is proably not a big deal because already existing "set-cookie" and "clear-cookie" options don't perform any check. Here is an example: http-request redirect location https://someurl.com/ set-cookie haproxy="%[var(txn.var)]" This patch should fix the issue #1784.
2024-11-18 12:03:23 -05:00
if ((rdr->flags & REDIRECT_FLAG_COOKIE_FMT))
lf_expr_deinit(&rdr->cookie.fmt);
else
istfree(&rdr->cookie.str);
MEDIUM: tree-wide: add logformat expressions wrapper log format expressions are broadly used within the code: once they are parsed from input string, they are converted to a linked list of logformat nodes. We're starting to face some limitations because we're simply storing the converted expression as a generic logformat_node list. The first issue we're facing is that storing logformat expressions that way doesn't allow us to add metadata alongside the list, which is part of the prerequites for implementing log-profiles. Another issue with storing logformat expressions as generic lists of logformat_node elements is that it's starting to become really hard to tell when we rely on logformat expressions or not in the code given that there isn't always a comment near the list declaration or manipulation to indicate that it's relying on logformat expressions under the hood, so this adds some complexity for code maintenance. This patch looks quite impressive due to changes in a lot of header and source files (since logformat expressions are broadly used), but it does a simple thing: it defines the lf_expr structure which itself holds a generic list of logformat nodes, and then declares some helpers to manipulate lf_expr elements and fixes the code so that we now exclusively manipulate logformat_node lists as lf_expr elements outside of log.c. For now, lf_expr struct only contains the list of logformat nodes (no additional metadata), but now that we have dedicated type and helpers, doing so in the future won't be problematic at all and won't require extensive code changes.
2024-02-23 09:57:21 -05:00
lf_expr_deinit(&rdr->rdr_fmt);
MINOR: proxy: add http_free_redirect_rule() function Adding http_free_redirect_rule() function to free a single redirect rule since it may be required to free rules outside of free_proxy() function. This patch is required for an upcoming bugfix. [for 2.2, free_proxy function did not exist (first seen in 2.4), thus http_free_redirect_rule() needs to be deducted from haproxy.c deinit() function if the patch is required]
2023-05-11 04:30:27 -04:00
free(rdr);
}
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
/* Parses a redirect rule. Returns the redirect rule on success or NULL on error,
* with <err> filled with the error message. If <use_fmt> is not null, builds a
* dynamic log-format rule instead of a static string. Parameter <dir> indicates
* the direction of the rule, and equals 0 for request, non-zero for responses.
*/
struct redirect_rule *http_parse_redirect_rule(const char *file, int linenum, struct proxy *curproxy,
const char **args, char **errmsg, int use_fmt, int dir)
{
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
struct redirect_rule *rule = NULL;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
int cur_arg;
int type = REDIRECT_TYPE_NONE;
int code = 302;
const char *destination = NULL;
const char *cookie = NULL;
int cookie_set = 0;
MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules It is now possible to use a log-format string to define the "Set-Cookie" header value of a response generated by a redirect rule. There is no special check on the result format and it is not possible during the configuration parsing. It is proably not a big deal because already existing "set-cookie" and "clear-cookie" options don't perform any check. Here is an example: http-request redirect location https://someurl.com/ set-cookie haproxy="%[var(txn.var)]" This patch should fix the issue #1784.
2024-11-18 12:03:23 -05:00
size_t cookie_len = 0;
MINOR: http-rules: Add a flag on redirect rules to know the rule direction HTTP redirect rules can be evaluated on the request or the response path. So when a redirect rule is evaluated, it is important to have this information because some specific processing may be performed depending on the direction. So the REDIRECT_FLAG_FROM_REQ flag has been added. It is set when applicable on the redirect rule during the parsing. This patch is mandatory to fix a bug on redirect rule. It must be backported to all stable versions.
2020-01-28 03:13:41 -05:00
unsigned int flags = (!dir ? REDIRECT_FLAG_FROM_REQ : REDIRECT_FLAG_NONE);
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
struct acl_cond *cond = NULL;
cur_arg = 0;
while (*(args[cur_arg])) {
if (strcmp(args[cur_arg], "location") == 0) {
if (!*args[cur_arg + 1])
goto missing_arg;
type = REDIRECT_TYPE_LOCATION;
cur_arg++;
destination = args[cur_arg];
}
else if (strcmp(args[cur_arg], "prefix") == 0) {
if (!*args[cur_arg + 1])
goto missing_arg;
type = REDIRECT_TYPE_PREFIX;
cur_arg++;
destination = args[cur_arg];
}
else if (strcmp(args[cur_arg], "scheme") == 0) {
if (!*args[cur_arg + 1])
goto missing_arg;
type = REDIRECT_TYPE_SCHEME;
cur_arg++;
destination = args[cur_arg];
}
else if (strcmp(args[cur_arg], "set-cookie") == 0) {
if (!*args[cur_arg + 1])
goto missing_arg;
cur_arg++;
cookie = args[cur_arg];
cookie_set = 1;
}
MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules It is now possible to use a log-format string to define the "Set-Cookie" header value of a response generated by a redirect rule. There is no special check on the result format and it is not possible during the configuration parsing. It is proably not a big deal because already existing "set-cookie" and "clear-cookie" options don't perform any check. Here is an example: http-request redirect location https://someurl.com/ set-cookie haproxy="%[var(txn.var)]" This patch should fix the issue #1784.
2024-11-18 12:03:23 -05:00
else if (strcmp(args[cur_arg], "set-cookie-fmt") == 0) {
if (!*args[cur_arg + 1])
goto missing_arg;
cur_arg++;
cookie = args[cur_arg];
cookie_set = 2;
}
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
else if (strcmp(args[cur_arg], "clear-cookie") == 0) {
if (!*args[cur_arg + 1])
goto missing_arg;
cur_arg++;
cookie = args[cur_arg];
cookie_set = 0;
}
else if (strcmp(args[cur_arg], "code") == 0) {
if (!*args[cur_arg + 1])
goto missing_arg;
cur_arg++;
code = atol(args[cur_arg]);
if (code < 301 || code > 308 || (code > 303 && code < 307)) {
memprintf(errmsg,
"'%s': unsupported HTTP code '%s' (must be one of 301, 302, 303, 307 or 308)",
args[cur_arg - 1], args[cur_arg]);
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
goto err;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
}
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[cur_arg], "drop-query") == 0) {
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
flags |= REDIRECT_FLAG_DROP_QS;
}
MINOR: http-ana: Add option to keep query-string on a localtion-based redirect On prefix-based redirect, there is an option to drop the query-string of the location. Here it is the opposite. an option is added to preserve the query-string of the original URI for a localtion-based redirect. By setting "keep-query" option, for a location-based redirect only, the query-string of the original URI is appended to the location. If there is no query-string, nothing is added (no empty '?'). If there is already a non-empty query-string on the localtion, the original one is appended with '&' separator. This patch should fix issue #2728.
2024-11-15 11:03:06 -05:00
else if (strcmp(args[cur_arg], "keep-query") == 0) {
flags |= REDIRECT_FLAG_KEEP_QS;
}
CLEANUP: Compare the return value of `XXXcmp()` functions with zero According to coding-style.txt it is recommended to use: `strcmp(a, b) == 0` instead of `!strcmp(a, b)` So let's do this. The change was performed by running the following (very long) coccinelle patch on src/: @@ statement S; expression E; expression F; @@ if ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) ( S | { ... } ) @@ statement S; expression E; expression F; @@ if ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) ( S | { ... } ) @@ expression E; expression F; expression G; @@ ( G && ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( G || ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 && G ) @@ expression E; expression F; expression G; @@ ( ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) != 0 || G ) @@ expression E; expression F; expression G; @@ ( G && - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( G || - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 && G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 || G ) @@ expression E; expression F; expression G; @@ ( - ! ( dns_hostname_cmp | eb_memcmp | memcmp | strcasecmp | strcmp | strncasecmp | strncmp ) - (E, F) + (E, F) == 0 )
2021-01-02 16:31:53 -05:00
else if (strcmp(args[cur_arg], "append-slash") == 0) {
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
flags |= REDIRECT_FLAG_APPEND_SLASH;
}
MINOR: http-rules: add a new "ignore-empty" option to redirects. Sometimes it is convenient to remap large sets of URIs to new ones (e.g. after a site migration for example). This can be achieved using "http-request redirect" combined with maps, but one difficulty there is that non-matching entries will return an empty response. In order to avoid this, duplicating the operation as an ACL condition ending in "-m found" is possible but it becomes complex and error-prone while it's known that an empty URL is not valid in a location header. This patch addresses this by improving the redirect rules to be able to simply ignore the rule and skip to the next one if the result of the evaluation of the "location" expression is empty. However in order not to break existing setups, it requires a new "ignore-empty" keyword. There used to be an ACT_FLAG_FINAL on redirect rules that's used during the parsing to emit a warning if followed by another rule, so here we only set it if the option is not there. The http_apply_redirect_rule() function now returns a 3rd value to mention that it did nothing and that this was not an error, so that callers can just ignore the rule. The regular "redirect" rules were not modified however since this does not apply there. The map_redirect VTC was completed with such a test and updated to 2.5 and an example was added into the documentation.
2021-09-02 10:54:33 -04:00
else if (strcmp(args[cur_arg], "ignore-empty") == 0) {
flags |= REDIRECT_FLAG_IGNORE_EMPTY;
}
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
else if (strcmp(args[cur_arg], "if") == 0 ||
strcmp(args[cur_arg], "unless") == 0) {
cond = build_acl_cond(file, linenum, &curproxy->acl, curproxy, (const char **)args + cur_arg, errmsg);
if (!cond) {
memprintf(errmsg, "error in condition: %s", *errmsg);
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
goto err;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
}
break;
}
else {
memprintf(errmsg,
MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules It is now possible to use a log-format string to define the "Set-Cookie" header value of a response generated by a redirect rule. There is no special check on the result format and it is not possible during the configuration parsing. It is proably not a big deal because already existing "set-cookie" and "clear-cookie" options don't perform any check. Here is an example: http-request redirect location https://someurl.com/ set-cookie haproxy="%[var(txn.var)]" This patch should fix the issue #1784.
2024-11-18 12:03:23 -05:00
"expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'set-cookie-fmt',"
" 'clear-cookie', 'drop-query', 'keep-query', 'ignore-empty' or 'append-slash' (was '%s')",
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
args[cur_arg]);
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
goto err;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
}
cur_arg++;
}
if (type == REDIRECT_TYPE_NONE) {
memprintf(errmsg, "redirection type expected ('prefix', 'location', or 'scheme')");
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
goto err;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
}
if (dir && type != REDIRECT_TYPE_LOCATION) {
memprintf(errmsg, "response only supports redirect type 'location'");
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
goto err;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
}
rule = calloc(1, sizeof(*rule));
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
if (!rule)
goto out_of_memory;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
rule->cond = cond;
MEDIUM: tree-wide: add logformat expressions wrapper log format expressions are broadly used within the code: once they are parsed from input string, they are converted to a linked list of logformat nodes. We're starting to face some limitations because we're simply storing the converted expression as a generic logformat_node list. The first issue we're facing is that storing logformat expressions that way doesn't allow us to add metadata alongside the list, which is part of the prerequites for implementing log-profiles. Another issue with storing logformat expressions as generic lists of logformat_node elements is that it's starting to become really hard to tell when we rely on logformat expressions or not in the code given that there isn't always a comment near the list declaration or manipulation to indicate that it's relying on logformat expressions under the hood, so this adds some complexity for code maintenance. This patch looks quite impressive due to changes in a lot of header and source files (since logformat expressions are broadly used), but it does a simple thing: it defines the lf_expr structure which itself holds a generic list of logformat nodes, and then declares some helpers to manipulate lf_expr elements and fixes the code so that we now exclusively manipulate logformat_node lists as lf_expr elements outside of log.c. For now, lf_expr struct only contains the list of logformat nodes (no additional metadata), but now that we have dedicated type and helpers, doing so in the future won't be problematic at all and won't require extensive code changes.
2024-02-23 09:57:21 -05:00
lf_expr_init(&rule->rdr_fmt);
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
if (!use_fmt) {
/* old-style static redirect rule */
rule->rdr_str = strdup(destination);
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
if (!rule->rdr_str)
goto out_of_memory;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
rule->rdr_len = strlen(destination);
}
else {
/* log-format based redirect rule */
BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags When the sample validity flags are computed to check if a sample is used in a valid scope, the flags depending on the proxy capabilities must be cumulated. Historically, for a sample on the request, only the frontend capability was used to set the sample validity flags while for a sample on the response only the backend was used. But it is a problem for listen or defaults proxies. For those proxies, all frontend and backend samples should be valid. However, at many place, only frontend ones are possible. For instance, it is impossible to set the backend name (be_name) into a variable from a listen proxy. This bug exists on all stable versions. Thus this patch should probably be backported. But with some caution because the code has probably changed serveral times. Note that nobody has ever noticed this issue. So the need to backport this patch must be evaluated for each branch.
2021-10-13 11:22:17 -04:00
int cap = 0;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
/* Parse destination. Note that in the REDIRECT_TYPE_PREFIX case,
* if prefix == "/", we don't want to add anything, otherwise it
* makes it hard for the user to configure a self-redirection.
*/
curproxy->conf.args.ctx = ARGC_RDR;
BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags When the sample validity flags are computed to check if a sample is used in a valid scope, the flags depending on the proxy capabilities must be cumulated. Historically, for a sample on the request, only the frontend capability was used to set the sample validity flags while for a sample on the response only the backend was used. But it is a problem for listen or defaults proxies. For those proxies, all frontend and backend samples should be valid. However, at many place, only frontend ones are possible. For instance, it is impossible to set the backend name (be_name) into a variable from a listen proxy. This bug exists on all stable versions. Thus this patch should probably be backported. But with some caution because the code has probably changed serveral times. Note that nobody has ever noticed this issue. So the need to backport this patch must be evaluated for each branch.
2021-10-13 11:22:17 -04:00
if (curproxy->cap & PR_CAP_FE)
cap |= (dir ? SMP_VAL_FE_HRS_HDR : SMP_VAL_FE_HRQ_HDR);
if (curproxy->cap & PR_CAP_BE)
cap |= (dir ? SMP_VAL_BE_HRS_HDR : SMP_VAL_BE_HRQ_HDR);
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
if (!(type == REDIRECT_TYPE_PREFIX && destination[0] == '/' && destination[1] == '\0')) {
BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags When the sample validity flags are computed to check if a sample is used in a valid scope, the flags depending on the proxy capabilities must be cumulated. Historically, for a sample on the request, only the frontend capability was used to set the sample validity flags while for a sample on the response only the backend was used. But it is a problem for listen or defaults proxies. For those proxies, all frontend and backend samples should be valid. However, at many place, only frontend ones are possible. For instance, it is impossible to set the backend name (be_name) into a variable from a listen proxy. This bug exists on all stable versions. Thus this patch should probably be backported. But with some caution because the code has probably changed serveral times. Note that nobody has ever noticed this issue. So the need to backport this patch must be evaluated for each branch.
2021-10-13 11:22:17 -04:00
if (!parse_logformat_string(destination, curproxy, &rule->rdr_fmt, LOG_OPT_HTTP, cap, errmsg)) {
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
goto err;
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
}
}
}
if (cookie) {
/* depending on cookie_set, either we want to set the cookie, or to clear it.
* a clear consists in appending "; path=/; Max-Age=0;" at the end.
*/
MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules It is now possible to use a log-format string to define the "Set-Cookie" header value of a response generated by a redirect rule. There is no special check on the result format and it is not possible during the configuration parsing. It is proably not a big deal because already existing "set-cookie" and "clear-cookie" options don't perform any check. Here is an example: http-request redirect location https://someurl.com/ set-cookie haproxy="%[var(txn.var)]" This patch should fix the issue #1784.
2024-11-18 12:03:23 -05:00
cookie_len = strlen(cookie);
if (cookie_set == 1) { // set-cookie
rule->cookie.str = istalloc(cookie_len+9);
if (!isttest(rule->cookie.str))
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
goto out_of_memory;
MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules It is now possible to use a log-format string to define the "Set-Cookie" header value of a response generated by a redirect rule. There is no special check on the result format and it is not possible during the configuration parsing. It is proably not a big deal because already existing "set-cookie" and "clear-cookie" options don't perform any check. Here is an example: http-request redirect location https://someurl.com/ set-cookie haproxy="%[var(txn.var)]" This patch should fix the issue #1784.
2024-11-18 12:03:23 -05:00
istcpy(&rule->cookie.str, ist2(cookie, cookie_len), cookie_len);
istcat(&rule->cookie.str, ist2("; path=/;", 9), cookie_len+10);
}
else if (cookie_set == 2) { // set-cookie-fmt
int cap = 0;
lf_expr_init(&rule->cookie.fmt);
curproxy->conf.args.ctx = ARGC_RDR;
if (curproxy->cap & PR_CAP_FE)
cap |= (dir ? SMP_VAL_FE_HRS_HDR : SMP_VAL_FE_HRQ_HDR);
if (curproxy->cap & PR_CAP_BE)
cap |= (dir ? SMP_VAL_BE_HRS_HDR : SMP_VAL_BE_HRQ_HDR);
chunk_memcpy(&trash, cookie, cookie_len);
chunk_strcat(&trash, "; path=/;");
if (!parse_logformat_string(trash.area, curproxy, &rule->cookie.fmt, LOG_OPT_HTTP, cap, errmsg)) {
goto err;
}
flags |= REDIRECT_FLAG_COOKIE_FMT;
}
else { // clear-cookie
rule->cookie.str = istalloc(cookie_len+20);
if (!isttest(rule->cookie.str))
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
goto out_of_memory;
MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules It is now possible to use a log-format string to define the "Set-Cookie" header value of a response generated by a redirect rule. There is no special check on the result format and it is not possible during the configuration parsing. It is proably not a big deal because already existing "set-cookie" and "clear-cookie" options don't perform any check. Here is an example: http-request redirect location https://someurl.com/ set-cookie haproxy="%[var(txn.var)]" This patch should fix the issue #1784.
2024-11-18 12:03:23 -05:00
istcpy(&rule->cookie.str, ist2(cookie, cookie_len), cookie_len);
istcat(&rule->cookie.str, ist2("; path=/; Max-Age=0;", 20), cookie_len+21);
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
}
}
rule->type = type;
rule->code = code;
rule->flags = flags;
LIST_INIT(&rule->list);
return rule;
missing_arg:
memprintf(errmsg, "missing argument for '%s'", args[cur_arg]);
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
goto err;
out_of_memory:
memprintf(errmsg, "parsing [%s:%d]: out of memory.", file, linenum);
err:
if (rule)
http_free_redirect_rule(rule);
else if (cond) {
/* rule not yet allocated, but cond already is */
MINOR: tree-wide: use free_acl_cond() where relevant Now that we have free_acl_cond(cond) function that does cond prune then frees cond, replace all occurences of this pattern: | prune_acl_cond(cond) | free(cond) with: | free_acl_cond(cond)
2023-05-11 06:29:51 -04:00
free_acl_cond(cond);
BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() http_parse_redirect_rule() doesn't perform enough checks around NULL returning allocating functions. Moreover, existing error paths don't perform cleanups. This could lead to memory leaks. Adding a few checks and a cleanup path to ensure memory errors are properly handled and that no memory leaks occurs within the function (already allocated structures are freed on error path). It should partially fix GH #2130. This patch depends on ("MINOR: proxy: add http_free_redirect_rule() function") This could be backported up to 2.4. The patch is also relevant for 2.2 but "MINOR: proxy: add http_free_redirect_rule() function" would need to be adapted first. == Backport notes: -> For 2.2 only: Replace: (strcmp(args[cur_arg], "drop-query") == 0) with: (!strcmp(args[cur_arg],"drop-query")) -> For 2.2 and 2.4: Replace: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was '%s')", with: "expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was '%s')",
2023-05-11 04:34:49 -04:00
}
REORG: http: move HTTP rules parsing to http_rules.c These ones are mostly called from cfgparse.c for the parsing and do not depend on the HTTP representation. The functions's prototypes were moved to proto/http_rules.h, making this file work exactly like tcp_rules. Ideally we should stop calling these functions directly from cfgparse and register keywords, but there are a few cases where that wouldn't work (stats http-request) so it's probably not worth trying to go this far.
2018-10-02 10:43:32 -04:00
return NULL;
}
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/
Reference in a new issue Copy permalink