*_dom is mostly used for matching Host headers, and host headers
may include port numbers. To avoid having to create multiple rules
with and without :<port-number> in hdr_dom rules, change the _dom
matching functions to also handle : as a delimiter.
--- Typically we have rules like this in haproxy.cfg: acl is_foo hdr_dom(host) www.foo.com Most clients send "Host: www.foo.com" in their HTTP header, but some send "Host: www.foo.com:80" (which is allowed), and then the above hdr_dom() rule doesn't match. The intention of hdr_dom is probably that it should work with port numbers in the Host header? src/acl.c | 29 +++++++++++++++++++---------- 1 files changed, 19 insertions(+), 10 deletions(-) diff --git a/src/acl.c b/src/acl.c index 9d9a746..0074a93 100644 --- a/src/acl.cReceived on 2011/09/07 12:56
+++ b/src/acl.c
@@ -546,12 +546,13 @@ int acl_match_sub(struct acl_test *test, struct acl_pattern *pattern) return ACL_PAT_FAIL; }
+typedef int (*delimiter_fn)(char);
/* This one is used by other real functions. It checks that the pattern is * included inside the tested string, but enclosed between the specified - * delimitor, or a '/' or a '?' or at the beginning or end of the string.
+ * delimitor or at the beginning or end of the string.
* The delimitor is stripped at the beginning or end of the pattern. */ -static int match_word(struct acl_test *test, struct acl_pattern *pattern, char delim)
+static int match_word(struct acl_test *test, struct acl_pattern *pattern, delimiter_fn is_delimiter)
{ int may_match, icase; char *c, *end; @@ -560,13 +561,12 @@ static int match_word(struct acl_test *test, struct acl_pattern *pattern, char d pl = pattern->len; ps = pattern->ptr.str; - while (pl > 0 && (*ps == delim || *ps == '/' || *ps == '?')) {
+ while (pl > 0 && is_delimiter(*ps)) {
pl--; ps++; } - while (pl > 0 && - (ps[pl - 1] == delim || ps[pl - 1] == '/' || ps[pl - 1] == '?'))
+ while (pl > 0 && is_delimiter(ps[pl - 1]))
pl--; if (pl > test->len) @@ -576,7 +576,7 @@ static int match_word(struct acl_test *test, struct acl_pattern *pattern, char d icase = pattern->flags & ACL_PAT_F_IGNORE_CASE; end = test->ptr + test->len - pl; for (c = test->ptr; c <= end; c++) { - if (*c == '/' || *c == delim || *c == '?') {
+ if (is_delimiter(*c)) {
may_match = 1; continue; } @@ -587,12 +587,12 @@ static int match_word(struct acl_test *test, struct acl_pattern *pattern, char d if (icase) { if ((tolower(*c) == tolower(*ps)) && (strncasecmp(ps, c, pl) == 0) && - (c == end || c[pl] == '/' || c[pl] == delim || c[pl] == '?'))
+ (c == end || is_delimiter(c[pl])))
return ACL_PAT_PASS; } else { if ((*c == *ps) && (strncmp(ps, c, pl) == 0) && - (c == end || c[pl] == '/' || c[pl] == delim || c[pl] == '?'))
+ (c == end || is_delimiter(c[pl])))
return ACL_PAT_PASS; } may_match = 0; @@ -600,22 +600,31 @@ static int match_word(struct acl_test *test, struct acl_pattern *pattern, char d return ACL_PAT_FAIL; }
+static int is_dir_delimiter(char c)
+{
+ return c == '/' || c == '?';
+}
+
/* Checks that the pattern is included inside the tested string, but enclosed * between slashes or at the beginning or end of the string. Slashes at the * beginning or end of the pattern are ignored. */ int acl_match_dir(struct acl_test *test, struct acl_pattern *pattern) { - return match_word(test, pattern, '/');
+ return match_word(test, pattern, is_dir_delimiter);
}
+static int is_dom_delimiter(char c)
+{
+ return c == '.' || c == '/' || c == '?' || c == ':';
+}
/* Checks that the pattern is included inside the tested string, but enclosed * between dots or at the beginning or end of the string. Dots at the beginning * or end of the pattern are ignored. */ int acl_match_dom(struct acl_test *test, struct acl_pattern *pattern) { - return match_word(test, pattern, '.');
+ return match_word(test, pattern, is_dom_delimiter);
} /* Checks that the integer in <test> is included between min and max */ -- 1.7.5.1.217.g4e3aa
This archive was generated by hypermail 2.2.0 : 2011/09/07 13:00 CEST