Re: [PATCH] MINOR: http: Add 410 to http-request deny

Wed, 08 Jan 2020 04:27:35 -0800 

While we are at it, could we add 404 as well?

404 is frequently used to deny to hide the fact that the access is
denied, see
https://developer.github.com/v3/troubleshooting/#why-am-i-getting-a-404-error-on-a-repository-that-exists

I know there are workarounds for this like service an error file but
getting it out of the box would be nice.

On 08 Jan 10:43, Florian Tham wrote:
> Hello,
> 
> I need to return HTTP 410 Gone to certain incoming requests. The
> attached patch adds deny_status 410 to http-request-deny. It partly
> fixes https://github.com/haproxy/haproxy/issues/80.
> 
> Best regards,
> 
> Florian

> From 2336fe0d37a0edeb61ce39a6fe1c5477e6fe6e3d Mon Sep 17 00:00:00 
> 2001
> From: Florian Tham <[email protected]>
> Date: Wed, 8 Jan 2020 10:19:05 +0100
> Subject: [PATCH] MINOR: http: Add 410 to http-request deny
> 
> This patch adds http status code 410 Gone to http-request deny.
> ---
>  doc/configuration.txt |  8 +++++---
>  include/common/http.h |  1 +
>  src/http.c            | 11 +++++++++++
>  3 files changed, 17 insertions(+), 3 deletions(-)
> 
> diff --git a/doc/configuration.txt b/doc/configuration.txt
> index 9bc7d7150..69daaa8b7 100644
> --- a/doc/configuration.txt
> +++ b/doc/configuration.txt
> @@ -374,6 +374,8 @@ HAProxy may emit the following status codes by 
> itself :
>          accessing the stats page)
>     403  when a request is forbidden by a "http-request deny" rule
>     408  when the request timeout strikes before the request is 
> complete
> +   410  when the requested resource is no longer available and will 
> not
> +        be available again
>     500  when haproxy encounters an unrecoverable internal error, such 
> as a
>          memory allocation failure, which should never happen
>     502  when the server returns an empty, invalid or incomplete 
> response, or
> @@ -3605,7 +3607,7 @@ errorfile <code> <file>
>                                   yes   |    yes   |   yes  |   yes
>    Arguments :
>      <code>    is the HTTP status code. Currently, HAProxy is capable 
> of
> -              generating codes 200, 400, 403, 405, 408, 425, 429, 500, 
> 502,
> +              generating codes 200, 400, 403, 405, 408, 410, 425, 429, 
> 500, 502,
>                503, and 504.
>  
>      <file>    designates a file containing the full HTTP response. It 
> is
> @@ -3654,7 +3656,7 @@ errorloc302 <code> <url>
>                                   yes   |    yes   |   yes  |   yes
>    Arguments :
>      <code>    is the HTTP status code. Currently, HAProxy is capable 
> of
> -              generating codes 200, 400, 403, 405, 408, 425, 429, 500, 
> 502,
> +              generating codes 200, 400, 403, 405, 408, 410, 425, 429, 
> 500, 502,
>                503, and 504.
>  
>      <url>     it is the exact contents of the "Location" header. It may 
> contain
> @@ -3686,7 +3688,7 @@ errorloc303 <code> <url>
>                                   yes   |    yes   |   yes  |   yes
>    Arguments :
>      <code>    is the HTTP status code. Currently, HAProxy is capable 
> of
> -              generating codes 200, 400, 403, 405, 408, 425, 429, 500, 
> 502,
> +              generating codes 200, 400, 403, 405, 408, 410, 425, 429, 
> 500, 502,
>                503, and 504.
>  
>      <url>     it is the exact contents of the "Location" header. It may 
> contain
> diff --git a/include/common/http.h b/include/common/http.h
> index 857c66e1d..2d9bad7ee 100644
> --- a/include/common/http.h
> +++ b/include/common/http.h
> @@ -85,6 +85,7 @@ enum {
>          HTTP_ERR_403,
>          HTTP_ERR_405,
>          HTTP_ERR_408,
> +        HTTP_ERR_410,
>          HTTP_ERR_421,
>          HTTP_ERR_425,
>          HTTP_ERR_429,
> diff --git a/src/http.c b/src/http.c
> index c9168669d..8aa6bf98b 100644
> --- a/src/http.c
> +++ b/src/http.c
> @@ -218,6 +218,7 @@ const int http_err_codes[HTTP_ERR_SIZE] = {
>          [HTTP_ERR_403] = 403,
>          [HTTP_ERR_405] = 405,
>          [HTTP_ERR_408] = 408,
> +        [HTTP_ERR_410] = 410,
>          [HTTP_ERR_421] = 421,
>          [HTTP_ERR_425] = 425,
>          [HTTP_ERR_429] = 429,
> @@ -273,6 +274,15 @@ const char *http_err_msgs[HTTP_ERR_SIZE] = {
>          "\r\n"
>          "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't 
> send a complete request in time.\n</body></html>\n",
>  
> +        [HTTP_ERR_410] =
> +        "HTTP/1.1 410 Gone\r\n"
> +        "Content-length: 44\r\n"
> +        "Cache-Control: no-cache\r\n"
> +        "Connection: close\r\n"
> +        "Content-Type: text/html\r\n"
> +        "\r\n"
> +        "<html><body><h1>410 Gone</h1></body></html>\n",
> +
>          [HTTP_ERR_421] =
>          "HTTP/1.1 421 Misdirected Request\r\n"
>          "Content-length: 104\r\n"
> @@ -379,6 +389,7 @@ int http_get_status_idx(unsigned int status)
>          case 403: return HTTP_ERR_403;
>          case 405: return HTTP_ERR_405;
>          case 408: return HTTP_ERR_408;
> +        case 410: return HTTP_ERR_410;
>          case 421: return HTTP_ERR_421;
>          case 425: return HTTP_ERR_425;
>          case 429: return HTTP_ERR_429;
> -- 
> 2.24.1
> 


-- 
 (o-    Julien Pivotto
 //\    Open-Source Consultant
 V_/_   Inuits - https://www.inuits.eu

Attachment: signature.asc
Description: PGP signature

Reply via email to