From 4212a30ad162afa54156ac9eca4afbf98c1f4fac Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 21 Sep 2018 10:42:19 +0200 Subject: [PATCH] MEDIUM: http: Ignore http-tunnel option on backend This option is frontends specific, so there is no reason to support it on backends. So now, it is ignored if it is set on a backend and a warning is emitted during the startup. The change is quite trivial, but the commit is tagged as MEDIUM because it is a small breakage with previous versions and configurations using this options could emit a warning now. --- doc/configuration.txt | 36 +++++++++++++++++++++--------------- src/cfgparse.c | 4 ++++ 2 files changed, 25 insertions(+), 15 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index a589f505b..f0999d64a 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -1994,7 +1994,8 @@ the backend's. HAProxy supports 5 connection modes : - TUN: tunnel ("option http-tunnel") : this was the default mode for versions 1.0 to 1.5-dev21 : only the first request and response are processed, and everything else is forwarded with no analysis at all. This mode should not - be used as it creates lots of trouble with logging and HTTP processing. + be used as it creates lots of trouble with logging and HTTP processing. It + is supported only on frontends. - PCL: passive close ("option httpclose") : exactly the same as tunnel mode, but with "Connection: close" appended in both directions to try to make @@ -2012,19 +2013,19 @@ frontend and a backend can be determined by both proxy modes according to the following matrix, but in short, the modes are symmetric, keep-alive is the weakest option and force close is the strongest. - Backend mode + Backend mode - | KAL | TUN | PCL | SCL | FCL - ----+-----+-----+-----+-----+---- - KAL | KAL | TUN | PCL | SCL | FCL - ----+-----+-----+-----+-----+---- - TUN | TUN | TUN | PCL | SCL | FCL - Frontend ----+-----+-----+-----+-----+---- - mode PCL | PCL | PCL | PCL | FCL | FCL - ----+-----+-----+-----+-----+---- - SCL | SCL | SCL | FCL | SCL | FCL - ----+-----+-----+-----+-----+---- - FCL | FCL | FCL | FCL | FCL | FCL + | KAL | PCL | SCL | FCL + ----+-----+-----+-----+---- + KAL | KAL | PCL | SCL | FCL + ----+-----+-----+-----+---- + TUN | TUN | PCL | SCL | FCL + Frontend ----+-----+-----+-----+---- + mode PCL | PCL | PCL | FCL | FCL + ----+-----+-----+-----+---- + SCL | SCL | FCL | SCL | FCL + ----+-----+-----+-----+---- + FCL | FCL | FCL | FCL | FCL @@ -2118,7 +2119,7 @@ option http-keep-alive (*) X X X X option http-no-delay (*) X X X X option http-pretend-keepalive (*) X - X X option http-server-close (*) X X X X -option http-tunnel (*) X X X X +option http-tunnel (*) X X X - option http-use-proxy-header (*) X X X - option httpchk X - X X option httpclose (*) X X X X @@ -5989,7 +5990,7 @@ option http-tunnel no option http-tunnel Disable or enable HTTP connection processing after first transaction May be used in sections : defaults | frontend | listen | backend - yes | yes | yes | yes + yes | yes | yes | no Arguments : none By default HAProxy operates in keep-alive mode with regards to persistent @@ -6009,6 +6010,11 @@ no option http-tunnel cookie processing or content switching will only work for the first request and will be ignored after the first response. + This option may be set on frontend and listen sections. Using it on a backend + section will be ignored and a warning will be reported during the startup. It + is a frontend related option, so there is no real reason to set it on a + backend. + If this option has been enabled in a "defaults" section, it can be disabled in a specific instance by prepending the "no" keyword before it. diff --git a/src/cfgparse.c b/src/cfgparse.c index 2ac22b55e..1e73e32e1 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -4761,6 +4761,10 @@ stats_error_parsing: } } else if (strcmp(args[1], "http-tunnel") == 0) { + if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[1], NULL)) { + err_code |= ERR_WARN; + goto out; + } if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code)) goto out; if (kwm == KWM_STD) {