From 4c18346c0f18e8ac470bd0cb40b1b895e9345e26 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Fri, 6 Jan 2017 12:21:38 +0100
Subject: [PATCH] BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options

http-reuse should normally not be used in conjunction with the proxy protocol or with "usesrc clientip". While there's nothing fundamentally wrong with this, whenever these options are used, the server expects the IP address to be the source address for all requests, which doesn't make sense with http-reuse.
---
 src/cfgparse.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/cfgparse.c b/src/cfgparse.c
index bf43b2c..8e42163 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -8545,6 +8545,25 @@ out_uri_auth_compat:
 err_code |= ERR_WARN;
 }
 #endif
+
+ if ((curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR) {
+ if ((curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CLI ||
+ (curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP ||
+ (newsrv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CLI ||
+ (newsrv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP) {
+ Warning("config : %s '%s' : connections to server '%s' use the client's IP address as the source while http-reuse is enabled and allows the same connection to be shared between multiple clients. It is strongly advised to disable 'usesrc' and to use the 'forwardfor' option instead.\n",
+ proxy_type_str(curproxy), curproxy->id, newsrv->id);
+ err_code |= ERR_WARN;
+ }
+
+
+ if (newsrv->pp_opts & (SRV_PP_V1|SRV_PP_V2)) {
+ Warning("config : %s '%s' : connections to server '%s' will have a PROXY protocol header announcing the first client's IP address while http-reuse is enabled and allows the same connection to be shared between multiple clients. It is strongly advised to disable 'send-proxy' and to use the 'forwardfor' option instead.\n",
+ proxy_type_str(curproxy), curproxy->id, newsrv->id);
+ err_code |= ERR_WARN;
+ }
+ }
+
 newsrv = newsrv->next;
 }
-- 
1.7.10.4
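Review bot: The source-address test in the first inner `if` matches only CO_SRC_TPROXY_CLI and CO_SRC_TPROXY_CIP, so a per-request source taken from a header (CO_SRC_TPROXY_DYN, which I believe is what `usesrc hdr_ip(...)` sets) slips through although a shared connection would carry the first request's address in the same way; consider adding `(curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_DYN ||` and the matching `newsrv` line. Both branches only raise ERR_WARN, so the configuration still loads and a server that bases access control, rate limiting or logging on the source address or PROXY header will attribute later clients' requests to whichever client opened the connection. A comment above the outer `if` such as `/* a reused connection keeps the source address / PROXY header of the client that opened it */` would record why these options are singled out. The enclosing server loop starts outside the hunk, so I cannot see whether reuse is restricted elsewhere for such servers.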