Custom HTTP status codes for block action #1063

Open

vankoven opened this issue Sep 6, 2018 · 1 comment

Comments


vankoven commented Sep 6, 2018

Modern browsers try to reestablish the connection and repeat the request in case of network errors. When we block a client with a real browser, we should send a 5xx or 4xx error instead of silently closing the client connection. Here is an article showing the issue. In the article the researcher tries to block a client with a specific Referer: header. After the connection is closed, both Firefox and Chrome try to repeat the request several times, and both drop the Referer: header after several tries. One of the comments to the article says that Chrome in some older version used to resend the request after 5xx response codes.

Tempesta should silently close the connection to usual bots and send an error response to real browsers and full-browser botnets to effectively mitigate DDoS attacks.

@vankoven vankoven added this to the 1.0 Beta milestone Sep 6, 2018

krizhanovsky commented Sep 6, 2018

The issue seems invalid to me. Firstly, we have a configuration option to drop a client connection silently or send an HTTP response, so if a user doesn't want to face the problem described in the article, then they should just use the block_action attack reply configuration. Secondly, how can we tell whether the client is a real browser or not? We do a lot to differentiate real clients from bots, e.g. using Cookie or JS challenges, and surely we don't want to terminate innocent client connections anyway.

UPD. Actually, there is a problem that we cannot send custom HTTP responses, e.g. 204 as people suggest in the article. So I think the issue should be reformulated as a requirement to specify the desired HTTP code for block_action ... reply. I think the task is linked with #856 (HTTP redirects).

UPD. The response codes must be configurable as part of HTTPtables, see #1108.

Also please add a complete configuration example to https://github.com/tempesta-tech/tempesta/wiki/Handling-clients#error-responses because now it's unclear to a user where exactly the option should be used (Nginx docs state the context for this).
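An added illustration of the exchange the two comments above describe (not Tempesta FW code, and not either commenter's): a loopback server reads the request, applies a block rule on a constructed Referer value, and then either drops the connection or replies with a configurable status code; a client models the browser behaviour from the issue (retry on a network error, resend without the Referer header after two failures, stop as soon as any HTTP status arrives). The policy names `DROP`/`REPLY`, the functions `block_client`, `serve_one`, `run_server`, `simulate_browser` and `demo`, and the Referer value are assumptions of this example.

```python
"""Blocked-client exchange over a loopback socket: silent drop vs. explicit reply.

Added illustration, not Tempesta FW code. The server reads the request, applies a
Referer-based block rule (constructed value) and either drops the connection or
replies with a configurable status. The client models the browser behaviour the
issue describes: retry on a network error, drop the Referer after two failed
attempts, stop as soon as any HTTP status arrives.
"""
import socket
import threading

DROP = "drop"    # hypothetical policy name: close without any response
REPLY = "reply"  # hypothetical policy name: answer with an HTTP status

# Constructed value: the Referer the block rule treats as hostile.
BLOCKED_REFERER = b"http://blocked-referer.example/"


def parse_headers(raw: bytes) -> dict:
    """Return the request's header fields as a dict keyed by lowercase name."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        if b":" in line:
            name, value = line.split(b":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def block_client(conn: socket.socket, action: str, status: int) -> None:
    """Apply the block action to a connection whose request has been read."""
    if action == DROP:
        conn.close()                          # browser sees a network error only
    elif action == REPLY:
        reason = {204: "No Content", 403: "Forbidden", 503: "Service Unavailable"}
        resp = (f"HTTP/1.1 {status} {reason.get(status, 'Blocked')}\r\n"
                "Content-Length: 0\r\nConnection: close\r\n\r\n")
        conn.sendall(resp.encode())           # browser gets a final status
        conn.close()
    else:
        raise ValueError(f"unknown block action: {action}")


def serve_one(listener: socket.socket, action: str, status: int, log: list) -> None:
    """Accept one connection, apply the Referer rule and record the decision."""
    conn, _ = listener.accept()
    conn.settimeout(2.0)
    with conn:
        request = conn.recv(4096)
        if parse_headers(request).get(b"referer") == BLOCKED_REFERER:
            log.append("blocked")
            block_client(conn, action, status)
        else:
            log.append("served")
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                         b"Connection: close\r\n\r\nok")


def run_server(action: str, status: int = 403, max_conns: int = 8):
    """Start a loopback server thread; returns (port, decision log, thread)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(8)
    listener.settimeout(1.0)                  # stop once the client goes quiet
    port = listener.getsockname()[1]
    log: list = []

    def loop():
        try:
            for _ in range(max_conns):
                serve_one(listener, action, status, log)
        except socket.timeout:
            pass
        finally:
            listener.close()

    thread = threading.Thread(target=loop, daemon=True)
    thread.start()
    return port, log, thread


def simulate_browser(port: int, max_attempts: int = 4, drop_referer_after: int = 2):
    """Model a browser; returns (status or None, number of connection attempts)."""
    for attempt in range(1, max_attempts + 1):
        lines = [b"GET / HTTP/1.1", b"Host: blocked.test", b"Connection: close"]
        if attempt <= drop_referer_after:
            lines.append(b"Referer: " + BLOCKED_REFERER)   # omitted on later retries
        try:
            with socket.create_connection(("127.0.0.1", port), timeout=2.0) as s:
                s.sendall(b"\r\n".join(lines) + b"\r\n\r\n")
                data = s.recv(4096)
        except (ConnectionError, socket.timeout):
            data = b""
        if not data:
            continue                          # closed before any response: retry
        return int(data.split(b" ", 2)[1]), attempt
    return None, max_attempts


def demo(action: str, status: int = 403):
    """Run one server/client exchange; returns ((status, attempts), decision log)."""
    port, log, thread = run_server(action, status)
    result = simulate_browser(port)
    thread.join(timeout=5.0)
    return result, log


if __name__ == "__main__":
    print("drop :", demo(DROP))        # retries, then served once the Referer is gone
    print("reply:", demo(REPLY, 403))  # one attempt, the browser stops on the 403
```

With the drop action the modelled browser opens three connections and is eventually served because its retry no longer carries the header the rule keys on; with the reply action it opens one connection and stops on the status it receives, which is the distinction the issue draws between bots and real browsers.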

@krizhanovsky krizhanovsky modified the milestones: 1.0 Beta, 0.7 HTTP/2 Sep 6, 2018
@krizhanovsky krizhanovsky changed the title "Don't silently drop connections from real browser clients" to "Custom HTTP status codes for block action" Sep 6, 2018
@krizhanovsky krizhanovsky modified the milestones: 1.xx TBD, backlog Apr 19, 2023