Re: ACL block ignored in 2.0.25

Bart van der Schans Thu, 18 Nov 2021 11:07:45 -0800

Here is the patch:

Fix "block" ACL by reverting accidental removal of code in
8ab2a364a8c8adf0965e74a41a2ff3cebd43e7a9
---
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 857321e1..78f0ed76 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -2823,6 +2823,16 @@ int check_config_validity()
                        }
                }


+       /* move any "block" rules at the beginning of the http-request
rules */
+       if (!LIST_ISEMPTY(&curproxy->block_rules)) {
+               /* insert block_rules into http_req_rules at the beginning
*/
+               curproxy->block_rules.p->n    = curproxy->http_req_rules.n;
+               curproxy->http_req_rules.n->p = curproxy->block_rules.p;
+               curproxy->block_rules.n->p    = &curproxy->http_req_rules;
+               curproxy->http_req_rules.n    = curproxy->block_rules.n;
+               LIST_INIT(&curproxy->block_rules);
+       }
+
                /* check validity for 'tcp-request' layer 4/5/6/7 rules */
                cfgerr += check_action_rules(&curproxy->tcp_req.l4_rules,
curproxy, &err_code);
                cfgerr += check_action_rules(&curproxy->tcp_req.l5_rules,
curproxy, &err_code);
--

On Thu, Nov 18, 2021 at 6:11 PM Olivier Houchard <[email protected]> wrote:

> On Thu, Nov 18, 2021 at 05:59:24PM +0100, Bart van der Schans wrote:
> > A bit more digging:
> >
> > It looks like this commit broke it:
> >
> http://git.haproxy.org/?p=haproxy-2.0.git;a=commitdiff;h=8ab2a364a8c8adf0965e74a41a2ff3cebd43e7a9
> >
> > Re-adding the following block on line 2826 in cfgparse.c in 2.0.25
> "solves"
> > the issue but I have no idea if that is the right thing to do:
> >
> > -               /* move any "block" rules at the beginning of the
> > http-request rules */
> > -               if (!LIST_ISEMPTY(&curproxy->block_rules)) {
> > -                       /* insert block_rules into http_req_rules at
> > the beginning */
> > -                       curproxy->block_rules.p->n    =
> > curproxy->http_req_rules.n;
> > -                       curproxy->http_req_rules.n->p =
> curproxy->block_rules.p;
> > -                       curproxy->block_rules.n->p    =
> > &curproxy->http_req_rules;
> > -                       curproxy->http_req_rules.n    =
> curproxy->block_rules.n;
> > -                       LIST_INIT(&curproxy->block_rules);
> > -               }
> >
> > Thanks
> > Bart
> >
> I think you are totally correct, and this is the right thing to do. That
> block is unrelated to the other changes in that commit, and probably
> should not have been removed.
>
> Regards,
>
> Olivier
>
>

Re: ACL block ignored in 2.0.25

Reply via email to