Re: [PATCH] MINOR: http: Add 410 to http-request deny

2020-01-09 Thread Julien Pivotto 
On 09 Jan 06:01, Willy Tarreau wrote:
> On Wed, Jan 08, 2020 at 01:26:00PM +0100, Julien Pivotto wrote:
> > While we are at it, could we add 404 as well?
> > 
> > 404 is frequently used to deny to hide the fact that the access is
> > denied, see
> > https://developer.github.com/v3/troubleshooting/#why-am-i-getting-a-404-error-on-a-repository-that-exists
> > 
> > I know there are workarounds for this like service an error file but
> > getting it out of the box would be nice.
> 
> Agreed, I remember someone proposing it a year or two ago already and it
> does make sense. Feel free to propose a patch, Florian's can serve as an
> example.
> 
> Willy

Florian was very kind and implemented it. Thank you Florian!

-- 
 (o-Julien Pivotto
 //\Open-Source Consultant
 V_/_   Inuits - https://www.inuits.eu


signature.asc
Description: PGP signature

Re: [PATCH] MINOR: http: Add 410 to http-request deny

2020-01-08 Thread Willy Tarreau 
On Wed, Jan 08, 2020 at 01:26:00PM +0100, Julien Pivotto wrote:
> While we are at it, could we add 404 as well?
> 
> 404 is frequently used to deny to hide the fact that the access is
> denied, see
> https://developer.github.com/v3/troubleshooting/#why-am-i-getting-a-404-error-on-a-repository-that-exists
> 
> I know there are workarounds for this like service an error file but
> getting it out of the box would be nice.

Agreed, I remember someone proposing it a year or two ago already and it
does make sense. Feel free to propose a patch, Florian's can serve as an
example.

Willy

Re: [PATCH] MINOR: http: Add 410 to http-request deny

2020-01-08 Thread Christopher Faulet 

Le 08/01/2020 à 13:54, Florian Tham a écrit :

Hello Tim,

Am 1/8/20 um 1:21 PM schrieb Tim Düsterhus:

Please reference GitHub issue #80 in the commit message.
"See issue #80." would be sufficient.


+   "410 Gone\n",


Please add a description of the error message after the headline for
consistency with the other messages.


I fixed both issues and added a second patch implementing 404.

Best regards,

Florian



Applied, thanks !

--
Christopher Faulet

Re: [PATCH] MINOR: http: Add 410 to http-request deny

2020-01-08 Thread Florian Tham 
Hello Tim,

Am 1/8/20 um 1:21 PM schrieb Tim Düsterhus:
> Please reference GitHub issue #80 in the commit message.
> "See issue #80." would be sufficient.
> 
>> +"410 Gone\n",
> 
> Please add a description of the error message after the headline for
> consistency with the other messages.

I fixed both issues and added a second patch implementing 404.

Best regards,

Florian
>From 38961d35696bd24b66815e4e09f78a8af3d0d021 Mon Sep 17 00:00:00 2001
From: Florian Tham 
Date: Wed, 8 Jan 2020 10:19:05 +0100
Subject: [PATCH 1/2] MINOR: http: Add 410 to http-request deny

This patch adds http status code 410 Gone to http-request deny. See
issue #80.
---
 doc/configuration.txt |  8 +---
 include/common/http.h |  1 +
 src/http.c| 11 +++
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 9bc7d7150..69daaa8b7 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -374,6 +374,8 @@ HAProxy may emit the following status codes by itself :
 accessing the stats page)
403  when a request is forbidden by a "http-request deny" rule
408  when the request timeout strikes before the request is complete
+   410  when the requested resource is no longer available and will not
+be available again
500  when haproxy encounters an unrecoverable internal error, such as a
 memory allocation failure, which should never happen
502  when the server returns an empty, invalid or incomplete response, or
@@ -3605,7 +3607,7 @@ errorfile  
  yes   |yes   |   yes  |   yes
   Arguments :
 is the HTTP status code. Currently, HAProxy is capable of
-  generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502,
+  generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502,
   503, and 504.
 
 designates a file containing the full HTTP response. It is
@@ -3654,7 +3656,7 @@ errorloc302  
  yes   |yes   |   yes  |   yes
   Arguments :
 is the HTTP status code. Currently, HAProxy is capable of
-  generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502,
+  generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502,
   503, and 504.
 
  it is the exact contents of the "Location" header. It may contain
@@ -3686,7 +3688,7 @@ errorloc303  
  yes   |yes   |   yes  |   yes
   Arguments :
 is the HTTP status code. Currently, HAProxy is capable of
-  generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502,
+  generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502,
   503, and 504.
 
  it is the exact contents of the "Location" header. It may contain
diff --git a/include/common/http.h b/include/common/http.h
index 857c66e1d..2d9bad7ee 100644
--- a/include/common/http.h
+++ b/include/common/http.h
@@ -85,6 +85,7 @@ enum {
 	HTTP_ERR_403,
 	HTTP_ERR_405,
 	HTTP_ERR_408,
+	HTTP_ERR_410,
 	HTTP_ERR_421,
 	HTTP_ERR_425,
 	HTTP_ERR_429,
diff --git a/src/http.c b/src/http.c
index c9168669d..4f57a43bc 100644
--- a/src/http.c
+++ b/src/http.c
@@ -218,6 +218,7 @@ const int http_err_codes[HTTP_ERR_SIZE] = {
 	[HTTP_ERR_403] = 403,
 	[HTTP_ERR_405] = 405,
 	[HTTP_ERR_408] = 408,
+	[HTTP_ERR_410] = 410,
 	[HTTP_ERR_421] = 421,
 	[HTTP_ERR_425] = 425,
 	[HTTP_ERR_429] = 429,
@@ -273,6 +274,15 @@ const char *http_err_msgs[HTTP_ERR_SIZE] = {
 	"\r\n"
 	"408 Request Time-out\nYour browser didn't send a complete request in time.\n\n",
 
+	[HTTP_ERR_410] =
+	"HTTP/1.1 410 Gone\r\n"
+	"Content-length: 114\r\n"
+	"Cache-Control: no-cache\r\n"
+	"Connection: close\r\n"
+	"Content-Type: text/html\r\n"
+	"\r\n"
+	"410 Gone\nThe resource is no longer available and will not be available again.\n\n",
+
 	[HTTP_ERR_421] =
 	"HTTP/1.1 421 Misdirected Request\r\n"
 	"Content-length: 104\r\n"
@@ -379,6 +389,7 @@ int http_get_status_idx(unsigned int status)
 	case 403: return HTTP_ERR_403;
 	case 405: return HTTP_ERR_405;
 	case 408: return HTTP_ERR_408;
+	case 410: return HTTP_ERR_410;
 	case 421: return HTTP_ERR_421;
 	case 425: return HTTP_ERR_425;
 	case 429: return HTTP_ERR_429;
-- 
2.24.1

>From 86a8e1f4be02a713dbfd8e5704fc4c4eb2b3cd22 Mon Sep 17 00:00:00 2001
From: Florian Tham 
Date: Wed, 8 Jan 2020 13:35:30 +0100
Subject: [PATCH 2/2] MINOR: http: Add 404 to http-request deny

This patch adds http status code 404 Not Found to http-request deny. See
issue #80.
---
 doc/configuration.txt | 13 +++--
 include/common/http.h |  1 +
 src/http.c| 11 +++
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 69daaa8b7..d0bb97415 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -373,6 +373,7 @@ HAProxy may emit the following status codes by itself :
401

Re: [PATCH] MINOR: http: Add 410 to http-request deny

2020-01-08 Thread Aleksandar Lazic 


+1 for 404 Addition

Jan 8, 2020 1:26:36 PM Julien Pivotto :

> While we are at it, could we add 404 as well?
> 
> 404 is frequently used to deny to hide the fact that the access is
> denied, see
> https://developer.github.com/v3/troubleshooting/#why-am-i-getting-a-404-error-on-a-repository-that-exists
> 
> I know there are workarounds for this like service an error file but
> getting it out of the box would be nice.
> 
> On 08 Jan 10:43, Florian Tham wrote:
> 
> > Hello,
> > 
> > I need to return HTTP 410 Gone to certain incoming requests. The
> > attached patch adds deny_status 410 to http-request-deny. It partly
> > fixes https://github.com/haproxy/haproxy/issues/80.
> > 
> > Best regards,
> > 
> > Florian
> > 
> 
> 
> > [37mFrom 2336fe0d37a0edeb61ce39a6fe1c5477e6fe6e3d Mon Sep 17 00:00:00 
> > 2001
> > [37mFrom: Florian Tham 
> > [37mDate: Wed, 8 Jan 2020 10:19:05 +0100
> > [37mSubject: [PATCH] MINOR: http: Add 410 to http-request deny
> > 
> > [37mThis patch adds http status code 410 Gone to http-request deny.
> > [37m---
> > [37m doc/configuration.txt | 8 +---
> > [37m include/common/http.h | 1 +
> > [37m src/http.c | 11 +++
> > [37m 3 files changed, 17 insertions(+), 3 deletions(-)
> > 
> > [37mdiff --git a/doc/configuration.txt b/doc/configuration.txt
> > [37mindex 9bc7d7150..69daaa8b7 100644
> > [37m--- a/doc/configuration.txt
> > [37m+++ b/doc/configuration.txt
> > [37m@@ -374,6 +374,8 @@ HAProxy may emit the following status codes by 
> > itself :
> > [37m accessing the stats page)
> > [37m 403 when a request is forbidden by a "http-request deny" rule
> > [37m 408 when the request timeout strikes before the request is complete
> > [32m+ 410 when the requested resource is no longer available and will 
> > not
> > [32m+ be available again
> > [37m 500 when haproxy encounters an unrecoverable internal error, such as 
> > a
> > [37m memory allocation failure, which should never happen
> > [37m 502 when the server returns an empty, invalid or incomplete response, 
> > or
> > [37m@@ -3605,7 +3607,7 @@ errorfile  
> > [37m yes | yes | yes | yes
> > [37m Arguments :
> > [37m  is the HTTP status code. Currently, HAProxy is capable of
> > [31m- generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502,
> > [32m+ generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502,
> > [37m 503, and 504.
> > [37m 
> > [37m  designates a file containing the full HTTP response. It is
> > [37m@@ -3654,7 +3656,7 @@ errorloc302  
> > [37m yes | yes | yes | yes
> > [37m Arguments :
> > [37m  is the HTTP status code. Currently, HAProxy is capable of
> > [31m- generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502,
> > [32m+ generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502,
> > [37m 503, and 504.
> > [37m 
> > [37m  it is the exact contents of the "Location" header. It may 
> > contain
> > [37m@@ -3686,7 +3688,7 @@ errorloc303  
> > [37m yes | yes | yes | yes
> > [37m Arguments :
> > [37m  is the HTTP status code. Currently, HAProxy is capable of
> > [31m- generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502,
> > [32m+ generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502,
> > [37m 503, and 504.
> > [37m 
> > [37m  it is the exact contents of the "Location" header. It may 
> > contain
> > [37mdiff --git a/include/common/http.h b/include/common/http.h
> > [37mindex 857c66e1d..2d9bad7ee 100644
> > [37m--- a/include/common/http.h
> > [37m+++ b/include/common/http.h
> > [37m@@ -85,6 +85,7 @@ enum {
> > [37m HTTP_ERR_403,
> > [37m HTTP_ERR_405,
> > [37m HTTP_ERR_408,
> > [32m+ HTTP_ERR_410,
> > [37m HTTP_ERR_421,
> > [37m HTTP_ERR_425,
> > [37m HTTP_ERR_429,
> > [37mdiff --git a/src/http.c b/src/http.c
> > [37mindex c9168669d..8aa6bf98b 100644
> > [37m--- a/src/http.c
> > [37m+++ b/src/http.c
> > [37m@@ -218,6 +218,7 @@ const int http_err_codes[HTTP_ERR_SIZE] = {
> > [37m [HTTP_ERR_403] = 403,
> > [37m [HTTP_ERR_405] = 405,
> > [37m [HTTP_ERR_408] = 408,
> > [32m+ [HTTP_ERR_410] = 410,
> > [37m [HTTP_ERR_421] = 421,
> > [37m [HTTP_ERR_425] = 425,
> > [37m [HTTP_ERR_429] = 429,
> > [37m@@ -273,6 +274,15 @@ const char *http_err_msgs[HTTP_ERR_SIZE] = {
> > [37m "\r\n"
> > [37m "408 Request Time-out\nYour browser didn't send a 
> > complete request in time.\n\n",
> > [37m 
> > [32m+ [HTTP_ERR_410] =
> > [32m+ "HTTP/1.1 410 Gone\r\n"
> > [32m+ "Content-length: 44\r\n"
> > [32m+ "Cache-Control: no-cache\r\n"
> > [32m+ "Connection: close\r\n"
> > [32m+ "Content-Type: text/html\r\n"
> > [32m+ "\r\n"
> > [32m+ "410 Gone\n",
> > [32m+
> > [37m [HTTP_ERR_421] =
> > [37m "HTTP/1.1 421 Misdirected Request\r\n"
> > [37m

Re: [PATCH] MINOR: http: Add 410 to http-request deny

2020-01-08 Thread Julien Pivotto 
While we are at it, could we add 404 as well?

404 is frequently used to deny to hide the fact that the access is
denied, see
https://developer.github.com/v3/troubleshooting/#why-am-i-getting-a-404-error-on-a-repository-that-exists

I know there are workarounds for this like service an error file but
getting it out of the box would be nice.

On 08 Jan 10:43, Florian Tham wrote:
> Hello,
> 
> I need to return HTTP 410 Gone to certain incoming requests. The
> attached patch adds deny_status 410 to http-request-deny. It partly
> fixes https://github.com/haproxy/haproxy/issues/80.
> 
> Best regards,
> 
> Florian

> From 2336fe0d37a0edeb61ce39a6fe1c5477e6fe6e3d Mon Sep 17 00:00:00 
> 2001
> From: Florian Tham 
> Date: Wed, 8 Jan 2020 10:19:05 +0100
> Subject: [PATCH] MINOR: http: Add 410 to http-request deny
> 
> This patch adds http status code 410 Gone to http-request deny.
> ---
>  doc/configuration.txt |  8 +---
>  include/common/http.h |  1 +
>  src/http.c| 11 +++
>  3 files changed, 17 insertions(+), 3 deletions(-)
> 
> diff --git a/doc/configuration.txt b/doc/configuration.txt
> index 9bc7d7150..69daaa8b7 100644
> --- a/doc/configuration.txt
> +++ b/doc/configuration.txt
> @@ -374,6 +374,8 @@ HAProxy may emit the following status codes by 
> itself :
>  accessing the stats page)
> 403  when a request is forbidden by a "http-request deny" rule
> 408  when the request timeout strikes before the request is 
> complete
> +   410  when the requested resource is no longer available and will 
> not
> +be available again
> 500  when haproxy encounters an unrecoverable internal error, such 
> as a
>  memory allocation failure, which should never happen
> 502  when the server returns an empty, invalid or incomplete 
> response, or
> @@ -3605,7 +3607,7 @@ errorfile  
>   yes   |yes   |   yes  |   yes
>    Arguments :
>  is the HTTP status code. Currently, HAProxy is capable 
> of
> -  generating codes 200, 400, 403, 405, 408, 425, 429, 500, 
> 502,
> +  generating codes 200, 400, 403, 405, 408, 410, 425, 429, 
> 500, 502,
>    503, and 504.
>  
>  designates a file containing the full HTTP response. It 
> is
> @@ -3654,7 +3656,7 @@ errorloc302  
>   yes   |yes   |   yes  |   yes
>    Arguments :
>  is the HTTP status code. Currently, HAProxy is capable 
> of
> -  generating codes 200, 400, 403, 405, 408, 425, 429, 500, 
> 502,
> +  generating codes 200, 400, 403, 405, 408, 410, 425, 429, 
> 500, 502,
>    503, and 504.
>  
>   it is the exact contents of the "Location" header. It may 
> contain
> @@ -3686,7 +3688,7 @@ errorloc303  
>   yes   |yes   |   yes  |   yes
>    Arguments :
>  is the HTTP status code. Currently, HAProxy is capable 
> of
> -  generating codes 200, 400, 403, 405, 408, 425, 429, 500, 
> 502,
> +  generating codes 200, 400, 403, 405, 408, 410, 425, 429, 
> 500, 502,
>    503, and 504.
>  
>   it is the exact contents of the "Location" header. It may 
> contain
> diff --git a/include/common/http.h b/include/common/http.h
> index 857c66e1d..2d9bad7ee 100644
> --- a/include/common/http.h
> +++ b/include/common/http.h
> @@ -85,6 +85,7 @@ enum {
>  HTTP_ERR_403,
>  HTTP_ERR_405,
>  HTTP_ERR_408,
> +HTTP_ERR_410,
>  HTTP_ERR_421,
>  HTTP_ERR_425,
>  HTTP_ERR_429,
> diff --git a/src/http.c b/src/http.c
> index c9168669d..8aa6bf98b 100644
> --- a/src/http.c
> +++ b/src/http.c
> @@ -218,6 +218,7 @@ const int http_err_codes[HTTP_ERR_SIZE] = {
>  [HTTP_ERR_403] = 403,
>  [HTTP_ERR_405] = 405,
>  [HTTP_ERR_408] = 408,
> +[HTTP_ERR_410] = 410,
>  [HTTP_ERR_421] = 421,
>  [HTTP_ERR_425] = 425,
>  [HTTP_ERR_429] = 429,
> @@ -273,6 +274,15 @@ const char *http_err_msgs[HTTP_ERR_SIZE] = {
>  "\r\n"
>  "408 Request Time-out\nYour browser didn't 
> send a complete request in time.\n\n",
>  
> +[HTTP_ERR_410] =
> +"HTTP/1.1 410 Gone\r\n"
>

Re: [PATCH] MINOR: http: Add 410 to http-request deny

2020-01-08 Thread Tim Düsterhus 
Florian,

Am 08.01.20 um 10:43 schrieb Florian Tham:
> This patch adds http status code 410 Gone to http-request deny.

Please reference GitHub issue #80 in the commit message.
"See issue #80." would be sufficient.

> + "410 Gone\n",

Please add a description of the error message after the headline for
consistency with the other messages.

Best regards
Tim Düsterhus