BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options

http-reuse should normally not be used in conjunction with the proxy protocol or with "usesrc clientip". While there's nothing fundamentally wrong with this, whenever these options are used, the server expects the IP address to be the source address for all requests, which doesn't make sense with http-reuse.
2025-02-14 17:37:46 +00:00 · 2017-01-06 12:21:38 +01:00 · 2017-01-06 12:21:38 +01:00 · 4c18346c0f
commit 4c18346c0f
parent 4f60301235
1 changed files with 19 additions and 0 deletions
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -8545,6 +8545,25 @@ out_uri_auth_compat:
 				err_code |= ERR_WARN;
 			}
 #endif
+
+			if ((curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR) {
+				if ((curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CLI ||
+				    (curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP ||
+				    (newsrv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CLI ||
+				    (newsrv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP) {
+					Warning("config : %s '%s' : connections to server '%s' use the client's IP address as the source while http-reuse is enabled and allows the same connection to be shared between multiple clients. It is strongly advised to disable 'usesrc' and to use the 'forwardfor' option instead.\n",
+						proxy_type_str(curproxy), curproxy->id, newsrv->id);
+					err_code |= ERR_WARN;
+				}
+
+
+				if (newsrv->pp_opts & (SRV_PP_V1|SRV_PP_V2)) {
+					Warning("config : %s '%s' : connections to server '%s' will have a PROXY protocol header announcing the first client's IP address while http-reuse is enabled and allows the same connection to be shared between multiple clients. It is strongly advised to disable 'send-proxy' and to use the 'forwardfor' option instead.\n",
+						proxy_type_str(curproxy), curproxy->id, newsrv->id);
+					err_code |= ERR_WARN;
+				}
+			}
+
 			newsrv = newsrv->next;
 		}