Re: [PATCH] Fix 'tcp-request content [accept|reject] if condition' parser for missing 'if'.

From: Maik Broemme <mbroemme#plusserver.de>
Date: Wed, 13 May 2009 14:42:27 +0200


Hi,

Willy Tarreau <w#1wt.eu> wrote:
> On Wed, May 13, 2009 at 11:50:07AM +0200, Maik Broemme wrote:
>
> I don't get you. You mean that simply omitting the "if" between "reject" and
> "cond" is not returned as an error, that's it ? If so, yes I agree that it
> would be better that it yells here. Since I copy-pasted the parser from other
> rules (use_backend, block, redirect, ...) the same problem should be present
> everywhere.
>

Yes exactly, if the "if" word is missing the result is non-working. Nothing more and nothing less.

> OK, so it's clearly a matter of not reporting that an unknown word is
> present where only {empty, "if", "unless"} are accepted. I'll look into
> that.
>

Many thanks.

> BTW, you can simplify your rules by using two things :
>
> either you make only one ACL :
> acl localnet dst 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
> tcp-request content reject if localnet
>
> or you can keep your 3 ACLs but group them into one rule :
>
> acl localnet-1 dst 192.168.0.0/16
> acl localnet-2 dst 172.16.0.0/12
> acl localnet-3 dst 10.0.0.0/8
> tcp-request content reject if localnet-1 or localnet-2 or localnet-3
>

Many thanks too, I didn't know that it works that way too.

> Regards,
> Willy
>

--Maik

Received on 2009/05/13 14:42
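An added example, not part of the original message or of HAProxy's own code: a small pre-deployment lint for the case discussed in this thread, flagging `tcp-request content accept|reject` lines where the word after the action is neither `if` nor `unless`. The function name `lint` and the sample configuration are constructed for illustration.

```python
ALLOWED = {"if", "unless"}   # per the thread: empty, "if" or "unless"

# Constructed sample config; line 2 omits the "if" as in the report.
SAMPLE = """\
acl localnet dst 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
tcp-request content reject localnet
tcp-request content reject if localnet
tcp-request content accept
tcp-request content reject unless localnet
"""

def lint(config_text):
    """Return [(line_no, message)] for tcp-request content accept/reject
    rules whose action is followed by a word other than if/unless."""
    findings, acls = [], set()
    for no, raw in enumerate(config_text.splitlines(), 1):
        # Simplification (assumption): '#' always starts a comment.
        words = raw.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "acl":
            acls.add(words[1])          # remember ACL names for the hint below
            continue
        if words[:2] != ["tcp-request", "content"] or len(words) < 4:
            continue                    # other directive, or unconditional rule
        action, nxt = words[2], words[3]
        if action not in ("accept", "reject") or nxt in ALLOWED:
            continue
        hint = " (an ACL name: missing 'if'?)" if nxt in acls else ""
        findings.append((no, f"unexpected {nxt!r} after {action!r}{hint}"))
    return findings

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```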
