It was deprecated with HAProxy 1.5. Time to remove it.
---
 doc/configuration.txt  | 30 ------------------------------
 include/types/global.h |  2 +-
 src/cfgparse-listen.c  | 30 ++++--------------------------
 3 files changed, 5 insertions(+), 57 deletions(-)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index c8ccaad1b..e520c1548 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -2283,7 +2283,6 @@ backlog                                   X          X    
     X         -
 balance                                   X          -         X         X
 bind                                      -          X         X         -
 bind-process                              X          X         X         X
-block                       (deprecated)  -          X         X         X
 capture cookie                            -          X         X         -
 capture request header                    -          X         X         -
 capture response header                   -          X         X         -
@@ -2935,35 +2934,6 @@ bind-process [ all | odd | even | 
<process_num>[-[<process_num>]] ] ...
   See also : "nbproc" in global section, and "process" in section 5.1.
 
 
-block { if | unless } <condition> (deprecated)
-  Block a layer 7 request if/unless a condition is matched
-  May be used in sections :   defaults | frontend | listen | backend
-                                 no    |    yes   |   yes  |   yes
-
-  The HTTP request will be blocked very early in the layer 7 processing
-  if/unless <condition> is matched. A 403 error will be returned if the request
-  is blocked. The condition has to reference ACLs (see section 7). This is
-  typically used to deny access to certain sensitive resources if some
-  conditions are met or not met. There is no fixed limit to the number of
-  "block" statements per instance. To block connections at layer 4 (without
-  sending a 403 error) see "tcp-request connection reject" and
-  "tcp-request content reject" rules.
-
-  This form is deprecated, do not use it in any new configuration, use the new
-  "http-request deny" instead.
-
-  Example:
-        acl invalid_src  src          0.0.0.0/7 224.0.0.0/3
-        acl invalid_src  src_port     0:1023
-        acl local_dst    hdr(host) -i localhost
-        # block is deprecated. Use http-request deny instead:
-        #block if invalid_src || local_dst
-        http-request deny if invalid_src || local_dst
-
-  See also : section 7 about ACL usage, "http-request deny",
-            "http-response deny", "tcp-request connection reject" and
-            "tcp-request content reject".
-
 capture cookie <name> len <length>
   Capture and log a cookie in the request and in the response.
   May be used in sections :   defaults | frontend | listen | backend
diff --git a/include/types/global.h b/include/types/global.h
index 2df0da9b4..ab1c3036e 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -245,7 +245,7 @@ extern int atexit_flag;
 __decl_hathreads(extern pthread_t *threads);
 
 /* bit values to go with "warned" above */
-#define WARN_BLOCK_DEPRECATED       0x00000001
+/* unassigned : 0x00000001 (previously: WARN_BLOCK_DEPRECATED) */
 /* unassigned : 0x00000002 */
 #define WARN_REDISPATCH_DEPRECATED  0x00000004
 #define WARN_CLITO_DEPRECATED       0x00000008
diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 7760d9c3c..0a3aa9281 100644
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -1521,33 +1521,11 @@ int cfg_parse_listen(const char *file, int linenum, 
char **args, int kwm)
                curproxy->server_id_hdr_name = strdup(args[1]);
                curproxy->server_id_hdr_len  = 
strlen(curproxy->server_id_hdr_name);
        }
-       else if (!strcmp(args[0], "block")) {  /* early blocking based on ACLs 
*/
-               struct act_rule *rule;
-
-               if (curproxy == &defproxy) {
-                       ha_alert("parsing [%s:%d] : '%s' not allowed in 
'defaults' section.\n", file, linenum, args[0]);
-                       err_code |= ERR_ALERT | ERR_FATAL;
-                       goto out;
-               }
-
-               /* emulate "block" using "http-request block". Since these 
rules are supposed to
-                * be processed before all http-request rules, we put them into 
their own list
-                * and will insert them at the end.
-                */
-               rule = parse_http_req_cond((const char **)args, file, linenum, 
curproxy);
-               if (!rule) {
-                       err_code |= ERR_ALERT | ERR_ABORT;
-                       goto out;
-               }
-               err_code |= warnif_misplaced_block(curproxy, file, linenum, 
args[0]);
-               err_code |= warnif_cond_conflicts(rule->cond,
-                                                 (curproxy->cap & PR_CAP_FE) ? 
SMP_VAL_FE_HRQ_HDR : SMP_VAL_BE_HRQ_HDR,
-                                                 file, linenum);
-               LIST_ADDQ(&curproxy->block_rules, &rule->list);
-
-               if (!already_warned(WARN_BLOCK_DEPRECATED))
-                       ha_warning("parsing [%s:%d] : The '%s' directive is now 
deprecated in favor of 'http-request deny' which uses the exact same syntax. 
The rules are translated but support might disappear in a future version.\n", 
file, linenum, args[0]);
+       else if (!strcmp(args[0], "block")) {
+               ha_alert("parsing [%s:%d] : The '%s' directive is not supported 
anymore since HAProxy 2.1. Use 'http-request deny' which uses the exact same 
syntax.\n", file, linenum, args[0]);
 
+               err_code |= ERR_ALERT | ERR_FATAL;
+               goto out;
        }
        else if (!strcmp(args[0], "redirect")) {
                struct redirect_rule *rule;
-- 
2.21.0


Reply via email to