author Christopher Faulet <cfaulet@haproxy.com> 2021-11-09 16:33:25 +0100
committer Christopher Faulet <cfaulet@haproxy.com> 2021-11-09 18:02:36 +0100
commit 46f46df300b5258f05e3bcf72e409f8629e8b63f
tree 4e043ef25bcd2cd35630c1022603c30a668ed8e0
parent 15ae22c02cff36579be13c40bac1c37acc60d352
BUG/MINOR: http-ana: Apply stop to the current section for http-response rules
A TCP/HTTP action can stop the rules evaluation. However, it should be applied on the current section only. For instance, for http-request rules, an "allow" on a frontend must stop evaluation of rules defined in this frontend. But the backend rules, if any, must still be evaluated.

For http-response rulesets, according to the configuration manual, the same must be true. Only the "allow" action is concerned. However, since the beginning, this action stops evaluation of all remaining rules, not only those of the current section.

This patch may be backported to all supported versions. But it is not so critical because the bug has existed for a while. I doubt it will break any existing configuration because the current behavior is counterintuitive.
-rw-r--r-- reg-tests/http-rules/h1or2_to_h1c.vtc 2
-rw-r--r-- src/http_ana.c 2
2 files changed, 3 insertions, 1 deletions
diff --git a/reg-tests/http-rules/h1or2_to_h1c.vtc b/reg-tests/http-rules/h1or2_to_h1c.vtc
index 182013b59..4263a2ae8 100644
--- a/reg-tests/http-rules/h1or2_to_h1c.vtc
+++ b/reg-tests/http-rules/h1or2_to_h1c.vtc
@@ -160,6 +160,8 @@ haproxy h1 -conf {
http-response set-header sl1-crc "%[res.fhdr(sl1),crc32]"
http-response set-header sl2-crc "%[res.fhdr(sl2),crc32]"
http-response set-header hdr-crc "%[res.fhdr(hdr),crc32]"
+ http-response allow
+ http-response deny # must not be evaluated
server s1 ${s1_addr}:${s1_port}
} -start
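Review bot: The two added lines, `http-response allow` followed by `http-response deny # must not be evaluated`, only assert that a rule placed after the allow in the same section is skipped, and per the commit message that was already true before the fix, since allow stopped all remaining rules. Nothing in this hunk exercises the corrected behaviour, namely that the http-response rules of the other section are still evaluated after the allow. Consider adding a rule in that other section (for example an `http-response set-header` with a marker header) and having the client expect it, so the test fails without the src/http_ana.c change.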
diff --git a/src/http_ana.c b/src/http_ana.c
index c037261cf..341a9f870 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -1815,7 +1815,7 @@ int http_process_res_common(struct stream *s, struct channel *rep, int an_bit, s
while (1) {
/* evaluate http-response rules */
- if (ret == HTTP_RULE_RES_CONT) {
+ if (ret == HTTP_RULE_RES_CONT || ret == HTTP_RULE_RES_STOP) {
struct list *def_rules, *rules;
def_rules = ((cur_proxy->defpx && (cur_proxy == s->be || cur_proxy->defpx != s->be->defpx)) ? &cur_proxy->defpx->http_res_rules : NULL);
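Review bot: The widened condition `ret == HTTP_RULE_RES_CONT || ret == HTTP_RULE_RES_STOP` sits under a comment that still reads only `/* evaluate http-response rules */`, so a reader cannot tell why a STOP result lets evaluation proceed. Extend the comment to state that HTTP_RULE_RES_STOP ends only the ruleset of the section that returned it and that the next section's rules must still run. It is also worth confirming that no code later in the loop tests `ret` against HTTP_RULE_RES_STOP expecting the old behaviour; that part is outside the context shown here.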