From d1323b6e999f74dea8a1187091987de69c78aca5 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 26 Feb 2021 12:45:56 +0100 Subject: [PATCH] BUG/MINOR: http-ana: Only consider dst address to process originalto option When an except parameter is used for originalto option, only the destination address must be evaluated. Especially, the address family of the destination must be tested and not the source one. This patch must be backported to all stable versions. However be careful, depending the versions the code may be slightly different. (cherry picked from commit cccded98c7b3f2281fe4481895b1392e78cc5df0) Signed-off-by: Christopher Faulet (cherry picked from commit df82f0b02a556f15cb4550851699828f5b11a6bf) Signed-off-by: Christopher Faulet (cherry picked from commit 5d7f40b92414f159c0ef28627a482df30be4e8ed) Signed-off-by: Christopher Faulet --- src/http_ana.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/http_ana.c b/src/http_ana.c index 65a5ddf..304bf47 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -865,7 +865,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit) if ((sess->fe->options | s->be->options) & PR_O_ORGTO) { /* FIXME: don't know if IPv6 can handle that case too. */ - if (cli_conn && conn_get_src(cli_conn) && cli_conn->src->ss_family == AF_INET && conn_get_dst(cli_conn)) { + if (cli_conn && conn_get_dst(cli_conn) && cli_conn->dst->ss_family == AF_INET) { /* Add an X-Original-To header unless the destination IP is * in the 'except' network range. */ -- 1.7.10.4