Detailed description of the problem
When we use an http-response rule with the default-errorfiles setting, haproxy does not enforce the status code set in the http-response rule.
Expected behavior
Haproxy correctly sets the http status code for the locally emitted response.
Steps to reproduce the behavior
use config defined in the next block
- request frontend, see unexpected status code
- comment out default-errorfiles
- request frontend, see expected status code
Do you have any idea what may have caused this?
in src/http_act.c where http_action_return() is defined, the status for the response is not enforced and we reuse the server one.
Do you have an idea how to solve the issue?
Make sure we set the status code of the response to the one defined with the return rule.
What is your configuration?
defaults
mode http
listen in
bind :12345
server s1 127.0.0.1:8888
http-response return status 500 default-errorfiles
listen ll
bind :8888
http-request return status 200
Output of haproxy -vv and uname -a
HA-Proxy version 2.4-dev8-4cce70-32 2021/02/18 - https://haproxy.org/
Status: development branch - not safe for use in production.
Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open
Running on: Darwin 19.6.0 Darwin Kernel Version 19.6.0: Tue Jan 12 22:13:05 PST 2021; root:xnu-6153.141.16~1/RELEASE_X86_64 x86_64
Build options :
TARGET = osx
CPU = native
CC = cc
CFLAGS = -O2 -march=native -g -Wall -Wextra -Wdeclaration-after-statement -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-missing-field-initializers -Wno-string-plus-int -Wtype-limits -Wshift-negative-value -Wnull-dereference
OPTIONS =
DEBUG =
Feature list : -EPOLL +KQUEUE -NETFILTER -PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED -BACKTRACE -STATIC_PCRE -STATIC_PCRE2 +TPROXY -LINUX_TPROXY -LINUX_SPLICE +LIBCRYPT -CRYPT_H +GETADDRINFO -OPENSSL -LUA -FUTEX -ACCEPT4 -CLOSEFROM -ZLIB -SLZ +CPU_AFFINITY -TFO -NS -DL -RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER -PRCTL -THREAD_DUMP -EVPORTS -OT -QUIC
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_THREADS=64, default=8).
Built without compression support (neither USE_ZLIB nor USE_SLZ are set).
Compression algorithms supported : identity("identity")
Built with transparent proxy support using:
Built without PCRE or PCRE2 support (using libc's regex instead)
Encrypted password support via crypt(3): yes
Built with clang compiler version 12.0.0 (clang-1200.0.32.28)
Available polling systems :
kqueue : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use kqueue.
Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
h2 : mode=HTTP side=FE|BE mux=H2
fcgi : mode=HTTP side=BE mux=FCGI
<default> : mode=HTTP side=FE|BE mux=H1
<default> : mode=TCP side=FE|BE mux=PASS
Available services : none
Available filters :
[SPOE] spoe
[CACHE] cache
[FCGI] fcgi-app
[COMP] compression
[TRACE] trace
Additional information (if helpful)
@capflam has a fix already, creating this for backport tracking purpose.
Detailed description of the problem
When we use an http-response rule with the default-errorfiles setting, haproxy does not enforce the status code set in the http-response rule.
Expected behavior
Haproxy correctly sets the http status code for the locally emitted response.
Steps to reproduce the behavior
use config defined in the next block
Do you have any idea what may have caused this?
in src/http_act.c where http_action_return() is defined, the status for the response is not enforced and we reuse the server one.
Do you have an idea how to solve the issue?
Make sure we set the status code of the response to the one defined with the return rule.
What is your configuration?
Output of
haproxy -vvanduname -aAdditional information (if helpful)
@capflam has a fix already, creating this for backport tracking purpose.