/* This function executes the "reject" HTTP action. It clears the request and * response buffer without sending any response. It can be useful as an HTTP * alternative to the silent-drop action to defend against DoS attacks, and may * also be used with HTTP/2 to close a connection instead of just a stream. * The txn status is unchanged, indicating no response was sent. The termination * flags will indicate "PR". It always returns ACT_RET_STOP. */ static enum act_return http_action_reject(struct act_rule *rule, struct proxy *px, struct session *sess, struct stream *s, int flags) { si_must_kill_conn(chn_prod(&s->req)); channel_abort(&s->req); channel_abort(&s->res); s->req.analysers = 0; s->res.analysers = 0; _HA_ATOMIC_ADD(&s->be->be_counters.denied_req, 1); _HA_ATOMIC_ADD(&sess->fe->fe_counters.denied_req, 1); if (sess->listener && sess->listener->counters) _HA_ATOMIC_ADD(&sess->listener->counters->denied_req, 1); if (!(s->flags & SF_ERR_MASK)) s->flags |= SF_ERR_PRXCOND; if (!(s->flags & SF_FINST_MASK)) s->flags |= SF_FINST_R; return ACT_RET_CONT; }
/* * Returns a message to the client ; the connection is shut down for read, * and the request is cleared so that no server connection can be initiated. * The buffer is marked for read shutdown on the other side to protect the * message, and the buffer write is enabled. The message is contained in a * "chunk". If it is null, then an empty message is used. The reply buffer does * not need to be empty before this, and its contents will not be overwritten. * The primary goal of this function is to return error messages to a client. */ void stream_int_retnclose(struct stream_interface *si, const struct chunk *msg) { channel_auto_read(si->ib); channel_abort(si->ib); channel_auto_close(si->ib); channel_erase(si->ib); bi_erase(si->ob); if (likely(msg && msg->len)) bo_inject(si->ob, msg->str, msg->len); si->ob->wex = tick_add_ifset(now_ms, si->ob->wto); channel_auto_read(si->ob); channel_auto_close(si->ob); channel_shutr_now(si->ob); }
/* * Returns a message to the client ; the connection is shut down for read, * and the request is cleared so that no server connection can be initiated. * The buffer is marked for read shutdown on the other side to protect the * message, and the buffer write is enabled. The message is contained in a * "chunk". If it is null, then an empty message is used. The reply buffer does * not need to be empty before this, and its contents will not be overwritten. * The primary goal of this function is to return error messages to a client. */ void stream_int_retnclose(struct stream_interface *si, const struct chunk *msg) { struct channel *ic = si_ic(si); struct channel *oc = si_oc(si); channel_auto_read(ic); channel_abort(ic); channel_auto_close(ic); channel_erase(ic); channel_truncate(oc); if (likely(msg && msg->len)) bo_inject(oc, msg->str, msg->len); oc->wex = tick_add_ifset(now_ms, oc->wto); channel_auto_read(oc); channel_auto_close(oc); channel_shutr_now(oc); }