Re: [PATCH] MINOR: http: Add 410 to http-request deny
On 09 Jan 06:01, Willy Tarreau wrote: > On Wed, Jan 08, 2020 at 01:26:00PM +0100, Julien Pivotto wrote: > > While we are at it, could we add 404 as well? > > > > 404 is frequently used to deny to hide the fact that the access is > > denied, see > > https://developer.github.com/v3/troubleshooting/#why-am-i-getting-a-404-error-on-a-repository-that-exists > > > > I know there are workarounds for this like service an error file but > > getting it out of the box would be nice. > > Agreed, I remember someone proposing it a year or two ago already and it > does make sense. Feel free to propose a patch, Florian's can serve as an > example. > > Willy Florian was very kind and implemented it. Thank you Florian! -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature
Re: [PATCH] MINOR: http: Add 410 to http-request deny
On Wed, Jan 08, 2020 at 01:26:00PM +0100, Julien Pivotto wrote: > While we are at it, could we add 404 as well? > > 404 is frequently used to deny to hide the fact that the access is > denied, see > https://developer.github.com/v3/troubleshooting/#why-am-i-getting-a-404-error-on-a-repository-that-exists > > I know there are workarounds for this like service an error file but > getting it out of the box would be nice. Agreed, I remember someone proposing it a year or two ago already and it does make sense. Feel free to propose a patch, Florian's can serve as an example. Willy
Re: [PATCH] MINOR: http: Add 410 to http-request deny
Le 08/01/2020 à 13:54, Florian Tham a écrit : Hello Tim, Am 1/8/20 um 1:21 PM schrieb Tim Düsterhus: Please reference GitHub issue #80 in the commit message. "See issue #80." would be sufficient. + "410 Gone\n", Please add a description of the error message after the headline for consistency with the other messages. I fixed both issues and added a second patch implementing 404. Best regards, Florian Applied, thanks ! -- Christopher Faulet
Re: [PATCH] MINOR: http: Add 410 to http-request deny
Hello Tim, Am 1/8/20 um 1:21 PM schrieb Tim Düsterhus: > Please reference GitHub issue #80 in the commit message. > "See issue #80." would be sufficient. > >> +"410 Gone\n", > > Please add a description of the error message after the headline for > consistency with the other messages. I fixed both issues and added a second patch implementing 404. Best regards, Florian >From 38961d35696bd24b66815e4e09f78a8af3d0d021 Mon Sep 17 00:00:00 2001 From: Florian Tham Date: Wed, 8 Jan 2020 10:19:05 +0100 Subject: [PATCH 1/2] MINOR: http: Add 410 to http-request deny This patch adds http status code 410 Gone to http-request deny. See issue #80. --- doc/configuration.txt | 8 +--- include/common/http.h | 1 + src/http.c| 11 +++ 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 9bc7d7150..69daaa8b7 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -374,6 +374,8 @@ HAProxy may emit the following status codes by itself : accessing the stats page) 403 when a request is forbidden by a "http-request deny" rule 408 when the request timeout strikes before the request is complete + 410 when the requested resource is no longer available and will not +be available again 500 when haproxy encounters an unrecoverable internal error, such as a memory allocation failure, which should never happen 502 when the server returns an empty, invalid or incomplete response, or @@ -3605,7 +3607,7 @@ errorfile yes |yes | yes | yes Arguments : is the HTTP status code. Currently, HAProxy is capable of - generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502, + generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502, 503, and 504. designates a file containing the full HTTP response. It is @@ -3654,7 +3656,7 @@ errorloc302 yes |yes | yes | yes Arguments : is the HTTP status code. Currently, HAProxy is capable of - generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502, + generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502, 503, and 504. it is the exact contents of the "Location" header. It may contain @@ -3686,7 +3688,7 @@ errorloc303 yes |yes | yes | yes Arguments : is the HTTP status code. Currently, HAProxy is capable of - generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502, + generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502, 503, and 504. it is the exact contents of the "Location" header. It may contain diff --git a/include/common/http.h b/include/common/http.h index 857c66e1d..2d9bad7ee 100644 --- a/include/common/http.h +++ b/include/common/http.h @@ -85,6 +85,7 @@ enum { HTTP_ERR_403, HTTP_ERR_405, HTTP_ERR_408, + HTTP_ERR_410, HTTP_ERR_421, HTTP_ERR_425, HTTP_ERR_429, diff --git a/src/http.c b/src/http.c index c9168669d..4f57a43bc 100644 --- a/src/http.c +++ b/src/http.c @@ -218,6 +218,7 @@ const int http_err_codes[HTTP_ERR_SIZE] = { [HTTP_ERR_403] = 403, [HTTP_ERR_405] = 405, [HTTP_ERR_408] = 408, + [HTTP_ERR_410] = 410, [HTTP_ERR_421] = 421, [HTTP_ERR_425] = 425, [HTTP_ERR_429] = 429, @@ -273,6 +274,15 @@ const char *http_err_msgs[HTTP_ERR_SIZE] = { "\r\n" "408 Request Time-out\nYour browser didn't send a complete request in time.\n\n", + [HTTP_ERR_410] = + "HTTP/1.1 410 Gone\r\n" + "Content-length: 114\r\n" + "Cache-Control: no-cache\r\n" + "Connection: close\r\n" + "Content-Type: text/html\r\n" + "\r\n" + "410 Gone\nThe resource is no longer available and will not be available again.\n\n", + [HTTP_ERR_421] = "HTTP/1.1 421 Misdirected Request\r\n" "Content-length: 104\r\n" @@ -379,6 +389,7 @@ int http_get_status_idx(unsigned int status) case 403: return HTTP_ERR_403; case 405: return HTTP_ERR_405; case 408: return HTTP_ERR_408; + case 410: return HTTP_ERR_410; case 421: return HTTP_ERR_421; case 425: return HTTP_ERR_425; case 429: return HTTP_ERR_429; -- 2.24.1 >From 86a8e1f4be02a713dbfd8e5704fc4c4eb2b3cd22 Mon Sep 17 00:00:00 2001 From: Florian Tham Date: Wed, 8 Jan 2020 13:35:30 +0100 Subject: [PATCH 2/2] MINOR: http: Add 404 to http-request deny This patch adds http status code 404 Not Found to http-request deny. See issue #80. --- doc/configuration.txt | 13 +++-- include/common/http.h | 1 + src/http.c| 11 +++ 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 69daaa8b7..d0bb97415 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -373,6 +373,7 @@ HAProxy may emit the following status codes by itself : 401
Re: [PATCH] MINOR: http: Add 410 to http-request deny
+1 for 404 Addition Jan 8, 2020 1:26:36 PM Julien Pivotto : > While we are at it, could we add 404 as well? > > 404 is frequently used to deny to hide the fact that the access is > denied, see > https://developer.github.com/v3/troubleshooting/#why-am-i-getting-a-404-error-on-a-repository-that-exists > > I know there are workarounds for this like service an error file but > getting it out of the box would be nice. > > On 08 Jan 10:43, Florian Tham wrote: > > > Hello, > > > > I need to return HTTP 410 Gone to certain incoming requests. The > > attached patch adds deny_status 410 to http-request-deny. It partly > > fixes https://github.com/haproxy/haproxy/issues/80. > > > > Best regards, > > > > Florian > > > > > > [37mFrom 2336fe0d37a0edeb61ce39a6fe1c5477e6fe6e3d Mon Sep 17 00:00:00 > > 2001[0m > > [37mFrom: Florian Tham [0m > > [37mDate: Wed, 8 Jan 2020 10:19:05 +0100[0m > > [37mSubject: [PATCH] MINOR: http: Add 410 to http-request deny[0m > > > > [37mThis patch adds http status code 410 Gone to http-request deny.[0m > > [37m---[0m > > [37m doc/configuration.txt | 8 +---[0m > > [37m include/common/http.h | 1 +[0m > > [37m src/http.c | 11 +++[0m > > [37m 3 files changed, 17 insertions(+), 3 deletions(-)[0m > > > > [37mdiff --git a/doc/configuration.txt b/doc/configuration.txt[0m > > [37mindex 9bc7d7150..69daaa8b7 100644[0m > > [37m--- a/doc/configuration.txt[0m > > [37m+++ b/doc/configuration.txt[0m > > [37m@@ -374,6 +374,8 @@ HAProxy may emit the following status codes by > > itself :[0m > > [37m accessing the stats page)[0m > > [37m 403 when a request is forbidden by a "http-request deny" rule[0m > > [37m 408 when the request timeout strikes before the request is complete[0m > > [32m+ 410 when the requested resource is no longer available and will > > not[0m > > [32m+ be available again[0m > > [37m 500 when haproxy encounters an unrecoverable internal error, such as > > a[0m > > [37m memory allocation failure, which should never happen[0m > > [37m 502 when the server returns an empty, invalid or incomplete response, > > or[0m > > [37m@@ -3605,7 +3607,7 @@ errorfile [0m > > [37m yes | yes | yes | yes[0m > > [37m Arguments :[0m > > [37m is the HTTP status code. Currently, HAProxy is capable of[0m > > [31m- generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502,[0m > > [32m+ generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502,[0m > > [37m 503, and 504.[0m > > [37m [0m > > [37m designates a file containing the full HTTP response. It is[0m > > [37m@@ -3654,7 +3656,7 @@ errorloc302 [0m > > [37m yes | yes | yes | yes[0m > > [37m Arguments :[0m > > [37m is the HTTP status code. Currently, HAProxy is capable of[0m > > [31m- generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502,[0m > > [32m+ generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502,[0m > > [37m 503, and 504.[0m > > [37m [0m > > [37m it is the exact contents of the "Location" header. It may > > contain[0m > > [37m@@ -3686,7 +3688,7 @@ errorloc303 [0m > > [37m yes | yes | yes | yes[0m > > [37m Arguments :[0m > > [37m is the HTTP status code. Currently, HAProxy is capable of[0m > > [31m- generating codes 200, 400, 403, 405, 408, 425, 429, 500, 502,[0m > > [32m+ generating codes 200, 400, 403, 405, 408, 410, 425, 429, 500, 502,[0m > > [37m 503, and 504.[0m > > [37m [0m > > [37m it is the exact contents of the "Location" header. It may > > contain[0m > > [37mdiff --git a/include/common/http.h b/include/common/http.h[0m > > [37mindex 857c66e1d..2d9bad7ee 100644[0m > > [37m--- a/include/common/http.h[0m > > [37m+++ b/include/common/http.h[0m > > [37m@@ -85,6 +85,7 @@ enum {[0m > > [37m HTTP_ERR_403,[0m > > [37m HTTP_ERR_405,[0m > > [37m HTTP_ERR_408,[0m > > [32m+ HTTP_ERR_410,[0m > > [37m HTTP_ERR_421,[0m > > [37m HTTP_ERR_425,[0m > > [37m HTTP_ERR_429,[0m > > [37mdiff --git a/src/http.c b/src/http.c[0m > > [37mindex c9168669d..8aa6bf98b 100644[0m > > [37m--- a/src/http.c[0m > > [37m+++ b/src/http.c[0m > > [37m@@ -218,6 +218,7 @@ const int http_err_codes[HTTP_ERR_SIZE] = {[0m > > [37m [HTTP_ERR_403] = 403,[0m > > [37m [HTTP_ERR_405] = 405,[0m > > [37m [HTTP_ERR_408] = 408,[0m > > [32m+ [HTTP_ERR_410] = 410,[0m > > [37m [HTTP_ERR_421] = 421,[0m > > [37m [HTTP_ERR_425] = 425,[0m > > [37m [HTTP_ERR_429] = 429,[0m > > [37m@@ -273,6 +274,15 @@ const char *http_err_msgs[HTTP_ERR_SIZE] = {[0m > > [37m "\r\n"[0m > > [37m "408 Request Time-out\nYour browser didn't send a > > complete request in time.\n\n",[0m > > [37m [0m > > [32m+ [HTTP_ERR_410] =[0m > > [32m+ "HTTP/1.1 410 Gone\r\n"[0m > > [32m+ "Content-length: 44\r\n"[0m > > [32m+ "Cache-Control: no-cache\r\n"[0m > > [32m+ "Connection: close\r\n"[0m > > [32m+ "Content-Type: text/html\r\n"[0m > > [32m+ "\r\n"[0m > > [32m+ "410 Gone\n",[0m > > [32m+[0m > > [37m [HTTP_ERR_421] =[0m > > [37m "HTTP/1.1 421 Misdirected Request\r\n"[0m > > [37m
Re: [PATCH] MINOR: http: Add 410 to http-request deny
While we are at it, could we add 404 as well? 404 is frequently used to deny to hide the fact that the access is denied, see https://developer.github.com/v3/troubleshooting/#why-am-i-getting-a-404-error-on-a-repository-that-exists I know there are workarounds for this like service an error file but getting it out of the box would be nice. On 08 Jan 10:43, Florian Tham wrote: > Hello, > > I need to return HTTP 410 Gone to certain incoming requests. The > attached patch adds deny_status 410 to http-request-deny. It partly > fixes https://github.com/haproxy/haproxy/issues/80. > > Best regards, > > Florian > [37mFrom 2336fe0d37a0edeb61ce39a6fe1c5477e6fe6e3d Mon Sep 17 00:00:00 > 2001[0m > [37mFrom: Florian Tham [0m > [37mDate: Wed, 8 Jan 2020 10:19:05 +0100[0m > [37mSubject: [PATCH] MINOR: http: Add 410 to http-request deny[0m > > [37mThis patch adds http status code 410 Gone to http-request deny.[0m > [37m---[0m > [37m doc/configuration.txt | 8 +---[0m > [37m include/common/http.h | 1 +[0m > [37m src/http.c| 11 +++[0m > [37m 3 files changed, 17 insertions(+), 3 deletions(-)[0m > > [37mdiff --git a/doc/configuration.txt b/doc/configuration.txt[0m > [37mindex 9bc7d7150..69daaa8b7 100644[0m > [37m--- a/doc/configuration.txt[0m > [37m+++ b/doc/configuration.txt[0m > [37m@@ -374,6 +374,8 @@ HAProxy may emit the following status codes by > itself :[0m > [37m accessing the stats page)[0m > [37m403 when a request is forbidden by a "http-request deny" rule[0m > [37m408 when the request timeout strikes before the request is > complete[0m > [32m+ 410 when the requested resource is no longer available and will > not[0m > [32m+be available again[0m > [37m500 when haproxy encounters an unrecoverable internal error, such > as a[0m > [37m memory allocation failure, which should never happen[0m > [37m502 when the server returns an empty, invalid or incomplete > response, or[0m > [37m@@ -3605,7 +3607,7 @@ errorfile [0m > [37m yes |yes | yes | yes[0m > [37m Arguments :[0m > [37m is the HTTP status code. Currently, HAProxy is capable > of[0m > [31m- generating codes 200, 400, 403, 405, 408, 425, 429, 500, > 502,[0m > [32m+ generating codes 200, 400, 403, 405, 408, 410, 425, 429, > 500, 502,[0m > [37m 503, and 504.[0m > [37m [0m > [37m designates a file containing the full HTTP response. It > is[0m > [37m@@ -3654,7 +3656,7 @@ errorloc302 [0m > [37m yes |yes | yes | yes[0m > [37m Arguments :[0m > [37m is the HTTP status code. Currently, HAProxy is capable > of[0m > [31m- generating codes 200, 400, 403, 405, 408, 425, 429, 500, > 502,[0m > [32m+ generating codes 200, 400, 403, 405, 408, 410, 425, 429, > 500, 502,[0m > [37m 503, and 504.[0m > [37m [0m > [37m it is the exact contents of the "Location" header. It may > contain[0m > [37m@@ -3686,7 +3688,7 @@ errorloc303 [0m > [37m yes |yes | yes | yes[0m > [37m Arguments :[0m > [37m is the HTTP status code. Currently, HAProxy is capable > of[0m > [31m- generating codes 200, 400, 403, 405, 408, 425, 429, 500, > 502,[0m > [32m+ generating codes 200, 400, 403, 405, 408, 410, 425, 429, > 500, 502,[0m > [37m 503, and 504.[0m > [37m [0m > [37m it is the exact contents of the "Location" header. It may > contain[0m > [37mdiff --git a/include/common/http.h b/include/common/http.h[0m > [37mindex 857c66e1d..2d9bad7ee 100644[0m > [37m--- a/include/common/http.h[0m > [37m+++ b/include/common/http.h[0m > [37m@@ -85,6 +85,7 @@ enum {[0m > [37m HTTP_ERR_403,[0m > [37m HTTP_ERR_405,[0m > [37m HTTP_ERR_408,[0m > [32m+HTTP_ERR_410,[0m > [37m HTTP_ERR_421,[0m > [37m HTTP_ERR_425,[0m > [37m HTTP_ERR_429,[0m > [37mdiff --git a/src/http.c b/src/http.c[0m > [37mindex c9168669d..8aa6bf98b 100644[0m > [37m--- a/src/http.c[0m > [37m+++ b/src/http.c[0m > [37m@@ -218,6 +218,7 @@ const int http_err_codes[HTTP_ERR_SIZE] = {[0m > [37m [HTTP_ERR_403] = 403,[0m > [37m [HTTP_ERR_405] = 405,[0m > [37m [HTTP_ERR_408] = 408,[0m > [32m+[HTTP_ERR_410] = 410,[0m > [37m [HTTP_ERR_421] = 421,[0m > [37m [HTTP_ERR_425] = 425,[0m > [37m [HTTP_ERR_429] = 429,[0m > [37m@@ -273,6 +274,15 @@ const char *http_err_msgs[HTTP_ERR_SIZE] = {[0m > [37m "\r\n"[0m > [37m "408 Request Time-out\nYour browser didn't > send a complete request in time.\n\n",[0m > [37m [0m > [32m+[HTTP_ERR_410] =[0m > [32m+"HTTP/1.1 410 Gone\r\n"[0m >
Re: [PATCH] MINOR: http: Add 410 to http-request deny
Florian, Am 08.01.20 um 10:43 schrieb Florian Tham: > This patch adds http status code 410 Gone to http-request deny. Please reference GitHub issue #80 in the commit message. "See issue #80." would be sufficient. > + "410 Gone\n", Please add a description of the error message after the headline for consistency with the other messages. Best regards Tim Düsterhus