netbird/plugins
0
0
Fork 0
mirror of https://github.com/netbirdio/plugins.git synced 2026-05-22 18:44:07 -07:00
Code Issues Packages Projects Releases Wiki Activity

net/haproxy: Actions with no ACLs may still be valid

Browse Source
This commit is contained in:
Frank Wall
2016-04-19 11:30:24 +02:00
parent 095af4c651
commit dd863a44ba
1 changed files with 195 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+195 -190
View File
@@ -38,7 +38,7 @@
{% set action_acls = [] %}
{# # collect ACL errors (may disable Action) #}
{% set acl_errors = '0' %}
{# # An action with no ACLs is invalid #}
{# # An action with no ACLs may still be valid #}
{% if action_data.linkedAcls|default("") != "" %}
{% for acl in action_data.linkedAcls.split(",") %}
{% set acl_data = helpers.getUUID(acl) %}
@@ -218,197 +218,205 @@
# ACL INVALID: {{acl_data.name}}
{% endif %}
{% endfor %}
{# # NOTE: We're ignoring actions if any ACL is erroneous, #}
{# # because doing otherwise would lead to unpredictable behaviour. #}
{% if acl_errors == '0' %}
{% set action_enabled = '1' %}
{% set action_options = [] %}
{% if action_data.type == 'use_backend' %}
{% if action_data.useBackend|default("") != "" %}
{% set acl_backend_data = helpers.getUUID(action_data.useBackend) %}
{% do action_options.append('use_backend ' ~ acl_backend_data.name) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'use_server' %}
{% if action_data.useServer|default("") != "" %}
{% set server_data = helpers.getUUID(action_data.useServer) %}
{% do action_options.append('use-server ' ~ server_data.name) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_allow' %}
{% do action_options.append('http-request allow') %}
{% elif action_data.type == 'http-request_deny' %}
{% do action_options.append('http-request deny') %}
{% elif action_data.type == 'http-request_tarpit' %}
{% do action_options.append('http-request tarpit') %}
{% elif action_data.type == 'http-request_auth' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request auth ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_redirect' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request redirect ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_use-service' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request use-service lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_add-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-request add-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_set-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-request set-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_del-header' %}
{% if action_data.actionName|default("") != "" %}
{% do action_options.append('http-request del-header' ~ action_data.actionName) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_replace-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-request replace-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_replace-value' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-request replace-value ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_allow' %}
{% do action_options.append('http-response allow') %}
{% elif action_data.type == 'http-response_deny' %}
{% do action_options.append('http-response deny') %}
{% elif action_data.type == 'http-response_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-response lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_add-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-response add-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_set-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-response set-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_del-header' %}
{% if action_data.actionName|default("") != "" %}
{% do action_options.append('http-response del-header' ~ action_data.actionName) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_replace-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-response replace-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_replace-value' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-response replace-value ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'tcp-request_connection_accept' %}
{% do action_options.append('tcp-request connection accept') %}
{% elif action_data.type == 'tcp-request_connection_reject' %}
{% do action_options.append('tcp-request connection reject') %}
{% elif action_data.type == 'tcp-request_content_accept' %}
{% do action_options.append('tcp-request content accept') %}
{% elif action_data.type == 'tcp-request_content_reject' %}
{% do action_options.append('tcp-request content reject') %}
{% elif action_data.type == 'tcp-request_content_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('tcp-request content lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'tcp-request_content_use-service' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('tcp-request content use-service lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'tcp-response_content_accept' %}
{% do action_options.append('tcp-response content accept') %}
{% elif action_data.type == 'tcp-response_content_close' %}
{% do action_options.append('tcp-response content close') %}
{% elif action_data.type == 'tcp-response_content_reject' %}
{% do action_options.append('tcp-response content reject') %}
{% elif action_data.type == 'tcp-response_content_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('tcp-response content lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'custom' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append(action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% endif %}
{# # NOTE: We're ignoring actions if any ACL is erroneous, #}
{# # because doing otherwise would lead to unpredictable behaviour. #}
{% if acl_errors == '0' %}
{% set action_enabled = '1' %}
{% set action_options = [] %}
{% if action_data.type == 'use_backend' %}
{% if action_data.useBackend|default("") != "" %}
{% set acl_backend_data = helpers.getUUID(action_data.useBackend) %}
{% do action_options.append('use_backend ' ~ acl_backend_data.name) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: unsupported action type
# ERROR: missing parameters
{% endif %}
{# # check if action is valid #}
{% if action_enabled == '1' %}
{% if action_data.operator == 'or' %}
{% set join_operator = ' || ' %}
{% else %}
{% set join_operator = ' ' %}
{% endif %}
{% elif action_data.type == 'use_server' %}
{% if action_data.useServer|default("") != "" %}
{% set server_data = helpers.getUUID(action_data.useServer) %}
{% do action_options.append('use-server ' ~ server_data.name) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_allow' %}
{% do action_options.append('http-request allow') %}
{% elif action_data.type == 'http-request_deny' %}
{% do action_options.append('http-request deny') %}
{% elif action_data.type == 'http-request_tarpit' %}
{% do action_options.append('http-request tarpit') %}
{% elif action_data.type == 'http-request_auth' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request auth ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_redirect' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request redirect ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_use-service' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-request use-service lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_add-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-request add-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_set-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-request set-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_del-header' %}
{% if action_data.actionName|default("") != "" %}
{% do action_options.append('http-request del-header' ~ action_data.actionName) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_replace-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-request replace-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-request_replace-value' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-request replace-value ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_allow' %}
{% do action_options.append('http-response allow') %}
{% elif action_data.type == 'http-response_deny' %}
{% do action_options.append('http-response deny') %}
{% elif action_data.type == 'http-response_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('http-response lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_add-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-response add-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_set-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" %}
{% do action_options.append('http-response set-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_del-header' %}
{% if action_data.actionName|default("") != "" %}
{% do action_options.append('http-response del-header' ~ action_data.actionName) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_replace-header' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-response replace-header ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'http-response_replace-value' %}
{% if action_data.actionValue|default("") != "" and action_data.actionName|default("") != "" and action_data.actionFind|default("") != "" %}
{% do action_options.append('http-response replace-value ' ~ action_data.actionName ~ ' ' ~ action_data.actionFind ~ ' ' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'tcp-request_connection_accept' %}
{% do action_options.append('tcp-request connection accept') %}
{% elif action_data.type == 'tcp-request_connection_reject' %}
{% do action_options.append('tcp-request connection reject') %}
{% elif action_data.type == 'tcp-request_content_accept' %}
{% do action_options.append('tcp-request content accept') %}
{% elif action_data.type == 'tcp-request_content_reject' %}
{% do action_options.append('tcp-request content reject') %}
{% elif action_data.type == 'tcp-request_content_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('tcp-request content lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'tcp-request_content_use-service' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('tcp-request content use-service lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'tcp-response_content_accept' %}
{% do action_options.append('tcp-response content accept') %}
{% elif action_data.type == 'tcp-response_content_close' %}
{% do action_options.append('tcp-response content close') %}
{% elif action_data.type == 'tcp-response_content_reject' %}
{% do action_options.append('tcp-response content reject') %}
{% elif action_data.type == 'tcp-response_content_lua' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append('tcp-response content lua.' ~ action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif action_data.type == 'custom' %}
{% if action_data.actionValue|default("") != "" %}
{% do action_options.append(action_data.actionValue) %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% else %}
{% set action_enabled = '0' %}
# ERROR: unsupported action type
{% endif %}
{# # check if action is valid #}
{% if action_enabled == '1' %}
{% if action_data.operator == 'or' %}
{% set join_operator = ' || ' %}
{% else %}
{% set join_operator = ' ' %}
{% endif %}
{# # check if action depends on ACLs #}
{% if action_acls|length > 0 %}
# ACTION: {{action_data.name}}
{{action_options|join(' ')}} {{action_data.testType}} {{action_acls|join(join_operator)}}
{% else %}
# NOTE: actions with no ACLs/conditions will always match
# ACTION: {{action_data.name}}
{{action_options|join(' ')}}
{% endif %}
{% else %}
# ACTION INVALID: {{action_data.name}}
{% endif %}
@@ -416,9 +424,6 @@
# ACTION INVALID: {{action_data.name}}
# ACL ERROR COUNT: {{acl_errors}}
{% endif %}
{% else %}
# ERROR: got action with empty linkedAcls
{% endif %}
{% endfor %}
{% else %}
# ERROR: AclsAndActions called with empty data