Hi,
attached is a patch which fixes a configuration mistake regarding the
'tcp-request' option. If you have the following in your configuration
file:
    acl localnet dst 10.0.0.0/8
    tcp-request content reject if localnet
This will work fine, but if you change the 'tcp-request' line and remove the 'if', haproxy-1.3.17 will segfault. I think the following changelog entry in 1.3.18 addresses this problem:
[BUG] fix parser crash on unconditional tcp content rules
But now in 1.3.18 the default behaviour is a bit weird. If you remove the 'if' statement, haproxy will reject every connection, regardless of whether it matches 'localnet' or not, and the configuration seems to be valid, which is definitely not what is expected.
I have changed this to the following behaviour: if nothing is specified after accept or reject, the default condition will apply (like the source and documentation say), and if there is some parameter after accept or reject, it has to be 'if' or 'unless'; anything else will result in:
[ALERT] 131/012555 (27042) : parsing [/etc/haproxy/haproxy.cfg:94] :
'tcp-request content reject' expects 'if', 'unless' or nothing, but
found 'localnet'
[ALERT] 131/012555 (27042) : Error reading configuration file :
/etc/haproxy/haproxy.cfg
I think this is much more accurate. At least it took me some time to verify why the hell my configuration file is valid, but did not work as expected. :)
--Maik
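
The check described in the message above, sketched as an added example; it is not the attached patch or HAProxy's own code, and `check_line`, `rule_kind` and `last_err` are hypothetical names. That 'if' or 'unless' must be followed by a condition is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

enum rule_kind { RULE_UNCONDITIONAL, RULE_IF, RULE_UNLESS, RULE_ERROR };
char last_err[200];                /* message for the most recent RULE_ERROR */

/* Classify one "tcp-request content <action> [if|unless <cond>]" line.
 * Hypothetical helper for illustration, not HAProxy's parser. */
enum rule_kind check_line(const char *line)
{
    char buf[256], *args[8] = {0};
    int n = 0, is_if;
    last_err[0] = '\0';
    snprintf(buf, sizeof buf, "%s", line);
    for (char *w = strtok(buf, " \t\n"); w && n < 7; w = strtok(NULL, " \t\n"))
        args[n++] = w;
    if (n < 3 || strcmp(args[0], "tcp-request") || strcmp(args[1], "content") ||
        (strcmp(args[2], "accept") && strcmp(args[2], "reject"))) {
        snprintf(last_err, sizeof last_err, "not a 'tcp-request content accept|reject' rule");
        return RULE_ERROR;
    }
    if (n == 3)                    /* nothing after the action: unconditional */
        return RULE_UNCONDITIONAL;
    is_if = strcmp(args[3], "if") == 0;
    if (!is_if && strcmp(args[3], "unless") != 0) {
        /* A bare ACL name is rejected instead of being silently ignored. */
        snprintf(last_err, sizeof last_err, "'tcp-request content %s' expects "
                 "'if', 'unless' or nothing, but found '%s'", args[2], args[3]);
        return RULE_ERROR;
    }
    if (n == 4) {                  /* assumption: the keyword needs a condition */
        snprintf(last_err, sizeof last_err, "'%s' needs a condition", args[3]);
        return RULE_ERROR;
    }
    return is_if ? RULE_IF : RULE_UNLESS;
}

int main(void)
{
    /* Constructed sample lines based on the configuration in the message. */
    const char *samples[] = { "tcp-request content reject if localnet",
                              "tcp-request content reject",
                              "tcp-request content reject localnet" };
    for (int i = 0; i < 3; i++) {
        enum rule_kind kind = check_line(samples[i]);
        printf("%-40s -> kind=%d %s\n", samples[i], (int)kind, last_err);
    }
    return 0;
}
```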