It is now possible to use log-format string (or hexadecimal string for the
binary version) to match a content in tcp-check based expect rules. For
hexadecimal log-format string, the conversion in binary is performed after the
string evaluation, during health check execution. The pattern keywords to use
are "string-lf" for the log-format string and "binary-lf" for the hexadecimal
log-format string.
Released version 2.2-dev7 with the following main changes :
- MINOR: version: Show uname output in display_version()
- CI: run weekly OpenSSL "no-deprecated" builds
- CLEANUP: log: fix comment of parse_logformat_string()
- DOC: Improve documentation on http-request set-src
- MINOR: ssl/cli: disallow SSL options for directory in 'add ssl crt-list'
- MINOR: ssl/cli: restrain certificate path when inserting into a directory
- MINOR: ssl: add ssl-skip-self-issued-ca global option
- BUG/MINOR: ssl: default settings for ssl server options are not used
- MINOR: config: add a global directive to set default SSL curves
- BUG/MEDIUM: http-ana: Handle NTLM messages correctly.
- DOC: internals: update the SSL architecture schema
- BUG/MINOR: tools: fix the i386 version of the div64_32 function
- BUG/MINOR: mux-fcgi/trace: fix wrong set of trace flags in fcgi_strm_add_eom()
- BUG/MINOR: http: make url_decode() optionally convert '+' to SP
- DOC: option logasap does not depend on mode
- MEDIUM: memory: make pool_gc() run under thread isolation
- MINOR: contrib: make the peers wireshark dissector a plugin
- BUG/MINOR: http-ana: Throw a 500 error if after-response ruleset fails on errors
- BUG/MINOR: check: Update server address and port to execute an external check
- MINOR: mini-clist: Add functions to iterate backward on a list
- MINOR: checks: Add a way to send custom headers and payload during http chekcs
- MINOR: server: respect warning and alert semantic
- BUG/MINOR: checks: Respect the no-check-ssl option
- BUG/MEDIUM: server/checks: Init server check during config validity check
- CLEANUP: checks: Don't export anymore init_check and srv_check_healthcheck_port
- BUG/MINOR: checks: chained expect will not properly wait for enough data
- BUG/MINOR: checks: Forbid tcp-check lines in default section as documented
- MINOR: checks: Use an enum to describe the tcp-check rule type
- MINOR: checks: Simplify connection flag parsing in tcp-check connect
- MEDIUM: checks: rewind to the first inverse expect rule of a chain on new data
- MINOR: checks: simplify tcp expect config parser
- MINOR: checks: add min-recv tcp-check expect option
- MINOR: checks: add linger option to tcp connect
- MINOR: checks: define a tcp expect type
- MEDIUM: checks: rewrite tcp-check expect block
- MINOR: checks: Stop xform buffers to null-terminated string for tcp-check rules
- MINOR: checks: add rbinary expect match type
- MINOR: checks: Simplify functions to get step id and comment
- MEDIUM: checks: capture groups in expect regexes
- MINOR: checks: Don't use a static tcp rule list head
- MEDIUM: checks: Use a non-comment rule iterator to get next rule
- MEDIUM: proxy/checks: Register a keyword to parse tcp-check rules
- MINOR: checks: Set the tcp-check rule index during parsing
- MINOR: checks: define tcp-check send type
- MINOR: checks: define a tcp-check connect type
- MEDIUM: checks: Add implicit tcp-check connect rule
- MAJOR: checks: Refactor and simplify the tcp-check loop
- MEDIUM: checks: Associate a session to each tcp-check healthcheck
- MINOR: checks/vars: Add a check scope for variables
- MEDIUM: checks: Parse custom action rules in tcp-checks
- MINOR: checks: Add support to set-var and unset-var rules in tcp-checks
- MINOR: checks: Add the sni option for tcp-check connect rules
- MINOR: checks: Add the via-socks4 option for tcp-check connect rules
- MINOR: checks: Add the alpn option for tcp-check connect rules
- MINOR: ssl: Export a generic function to parse an alpn string
- MINOR: checks: Add the default option for tcp-check connect rules
- MINOR: checks: Add the addr option for tcp-check connect rule
- MEDIUM: checks: Support expression to set the port
- MEDIUM: checks: Support log-format strings for tcp-check send rules
- MINOR: log: Don't depends on a stream to process samples in log-format string
- MINOR: log: Don't systematically set LW_REQ when a sample expr is added
- MEDIUM: checks: Add a shared list of tcp-check rules
- MINOR: sample: add htonl converter
- MINOR: sample: add cut_crlf converter
- MINOR: sample: add ltrim converter
- MINOR: sample: add rtrim converter
- MINOR: checks: Use a name for the healthcheck status enum
- MINOR: checks: Add option to tcp-check expect rules to customize error status
- MINOR: checks: Merge tcp-check comment rules with the others at config parsing
- MINOR: checks: Add a sample fetch to extract a block from the input check buffer
- MEDIUM: checks: Add on-error/on-success option on tcp-check expect rules
- MEDIUM: checks: Add status-code sample expression on tcp-check expect rules
- MINOR: checks: Relax the default option for tcp-check connect rules
- MEDIUM: checks: Add a list of vars to set before executing a tpc-check ruleset
- MINOR: checks: Export the tcpcheck_eval_ret enum
- MINOR: checks: Use dedicated function to handle onsuccess/onerror messages
- MINOR: checks: Support custom functions to eval a tcp-check expect rules
- MEDIUM: checks: Implement redis check using tcp-check rules
- MEDIUM: checks: Implement ssl-hello check using tcp-check rules
- MEDIUM: checks: Implement smtp check using tcp-check rules
- MEDIUM: checks: Implement postgres check using tcp-check rules
- MEDIUM: checks: Implement MySQL check using tcp-check rules
- MEDIUM: checks: Implement LDAP check using tcp-check rules
- MEDIUM: checks: Implement SPOP check using tcp-check rules
- MINOR: server/checks: Move parsing of agent keywords in checks.c
- MINOR: server/checks: Move parsing of server check keywords in checks.c
- MEDIUM: checks: Implement agent check using tcp-check rules
- REGTEST: Adapt regtests about checks to recent changes
- MINOR: Produce tcp-check info message for pure tcp-check rules only
- MINOR: checks: Add an option to set success status of tcp-check expect rules
- MINOR: checks: Improve log message of tcp-checks on success
- MINOR: proxy/checks: Move parsing of httpchk option in checks.c
- MINOR: proxy/checks: Move parsing of tcp-check option in checks.c
- MINOR: proxy/checks: Register a keyword to parse http-check rules
- MINOR: proxy/checks: Move parsing of external-check option in checks.c
- MINOR: proxy/checks: Register a keyword to parse external-check rules
- MEDIUM: checks: Use a shared ruleset to store tcp-check rules
- MINOR: checks: Use an indirect string to represent the expect matching string
- MINOR: checks: Introduce flags to configure in tcp-check expect rules
- MINOR: standard: Add my_memspn and my_memcspn
- MINOR: checks: Add a reverse non-comment rule iterator to get last rule
- MAJOR: checks: Implement HTTP check using tcp-check rules
- MINOR: checks: Make resume conditions more explicit in tcpcheck_main()
- MINOR: connection: Add macros to know if a conn or a cs uses an HTX mux
- MEDIUM: checks: Refactor how data are received in tcpcheck_main()
- MINOR: checks/obj_type: Add a new object type for checks
- BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function
- MINOR: checks: Use the check as origin when a session is created
- MINOR: checks: Add a mux proto to health-check and tcp-check connect rule
- MINOR: connection: Add a function to install a mux for a health-check
- MAJOR: checks: Use the best mux depending on the protocol for health checks
- MEDIUM: checks: Implement default TCP check using tcp-check rules
- MINOR: checks: Remove unused code about pure TCP checks
- CLEANUP: checks: Reorg checks.c file to be more readable
- REGTEST: Fix reg-tests about health-checks to adapt them to recent changes
- MINOR: ist: Add a function to retrieve the ist pointer
- MINOR: checks: Use ist API as far as possible
- BUG/MEDIUM: checks: Be sure to subscribe for sends if outgoing data remains
- MINOR: checks: Use a tree instead of a list to store tcp-check rulesets
- BUG/MINOR: checks: Send the right amount of outgoing data for HTTP checks
- REGTEST: Add scripts to test based tcp-check health-checks
- Revert "MEDIUM: checks: capture groups in expect regexes"
- DOC: Add documentation about comments for tcp-check and http-check directives
- DOC: Fix the tcp-check and http-check directives layout
- BUG/MEDIUM: checks: Use the mux protocol specified on the server line
- MINOR: checks: Support mux protocol definition for tcp and http health checks
- BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it
- MINOR: checks: Support list of status codes on http-check expect rules
- BUG/MEDIUM: checks: Unsubscribe to mux events when a conn-stream is destroyed
- REGTEST: Add a script to validate agent checks
- BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
- BUG/MEDIUM: checks: unsubscribe for events on the old conn-stream on connect
- BUG/MINOR: checks: Only use ssl_sock_is_ssl() if compiled with SSL support
- BUG/MINOR: checks/server: use_ssl member must be signed
- BUG/MEDIUM: sessions: Always pass the mux context as argument to destroy a mux
- BUG/MEDIUM: checks: Destroy the conn-stream before the session
- BUG/MINOR: checks: Fix PostgreSQL regex on the authentication packet
- CI: cirrus-ci: remove reg-tests/checks/tcp-check-ssl.vtc on CentOS 6
- MINOR: checks: Support HTTP/2 version (without '.0') for http-check send rules
- MINOR: checks: Use ver keyword to specify the HTTP version for http checks
- BUG/MINOR: checks: Remove wrong variable redeclaration
- BUG/MINOR: checks: Properly handle truncated mysql server messages
- CLEANUP: checks: Remove unused code when ldap server message is parsed
- MINOR: checks: Make the use of the check's server more explicit on connect
- BUG/MINOR: checks: Avoid incompatible cast when a binary string is parsed
- BUG/MINOR: checks: Remove bad call to free() when an expect rule is parsed
- BUG/MINOR: checks: Don't lose warning on proxy capability
- MINOR: log: Add "Tu" timer
- BUG/MINOR: checks: Set the output buffer length before calling parse_binary()
- BUG/MEDIUM: mux-h1: make sure we always have a timeout on front connections
- REGTEST: ssl: test the client certificate authentication
- DOC: give a more accurate description of what check does
- BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream
- BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
- BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam
- BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam
- CLEANUP: http: add a few comments on certain functions' assumptions about streams
- BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream
- MINOR: http-htx: Export functions to update message authority and host
- MINOR: checks: Don't support multiple host header for http-check send rule
- MINOR: checks: Skip some headers for http-check send rules
- MINOR: checks: Keep the Host header and the request uri synchronized
- CLEANUP: checks: Fix checks includes
- DOC: Fix send rules in the http-check connect example
- DOC: Add more info about request formatting in http-check send description
- REGTEST: http-rules: Require PCRE or PCRE2 option to run map_redirect script
- REGTEST: ssl: remove curl from the "add ssl crt-list" test
- REGTEST: ssl: improve the "set ssl cert" test
- CLEANUP: ssl: silence a build warning when threads are disabled
- BUG/MEDIUM: listener: mark the thread as not stuck inside the loop
- MINOR: threads: export the POSIX thread ID in panic dumps
- BUG/MINOR: debug: properly use long long instead of long for the thread ID
- BUG/MEDIUM: shctx: really check the lock's value while waiting
- BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock
- MINOR: stream: report the list of active filters on stream crashes
- BUG/MEDIUM: mux-fcgi: Return from detach if server don't keep the connection
- BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release()
- BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach()
- BUG/MEDIUM: connections: force connections cleanup on server changes
- BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed
- BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()
- CLEANUP: connections: align function declaration
- BUG/MINOR: sample: Set the correct type when a binary is converted to a string
- MEDIUM: checks/http-fetch: Support htx prefetch from a check for HTTP samples
- DOC: Document the log-format parameter for tcp-check send/send-binary rules
- MINOR: checks: Add support of payload-based sample fetches
- MINOR: checks: Add support of be_id, be_name, srv_id and srv_name sample fetches
- MINOR: checks: Add support of server side ssl sample fetches
- MINOR: checks: Add support of HTTP response sample fetches
- MINOR: http-htx: Support different methods to look for header names
- MINOR: checks: Set by default expect rule status to UNKNOWN during parsing
- BUG/MINOR: checks: Support multiple HTTP expect rules
- REGTEST: checks: Fix sync condition for agent-check
- MEDIUM: checks: Support matching on headers for http-check expect rules
- MINOR: lua: allow changing port with set_addr
- BUG/MINOR: da: Fix HTX message prefetch
- BUG/MINOR: wurfl: Fix HTX message prefetch
- BUG/MINOR: 51d: Fix HTX message prefetch
- MINOR: ist: add istadv() function
- MINOR: ist: add istissame() function
- MINOR: istbuf: add ist2buf() function
- BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
- BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}()
- DOC: update intro.txt for 2.2
- DOC: intro: add a contacts section
It is now possible to add http-check expect rules matching HTTP header names and
values. Here is the format of these rules:
http-check expect header name [ -m <meth> ] <name> [log-format] \
[ value [ -m <meth> ] <value> [log-format] [full] ]
the name pattern (name ...) is mandatory but the value pattern (value ...) is
optionnal. If not specified, only the header presence is verified. <meth> is the
matching method, applied on the header name or the header value. Supported
matching methods are:
* "str" (exact match)
* "beg" (prefix match)
* "end" (suffix match)
* "sub" (substring match)
* "reg" (regex match)
If not specified, exact matching method is used. If the "log-format" option is
used, the pattern (<name> or <value>) is evaluated as a log-format string. This
option cannot be used with the regex matching method. Finally, by default, the
header value is considered as comma-separated list. Each part may be tested. The
"full" option may be used to test the full header line. Note that matchings are
case insensitive on the header names.
HTPP sample fetches acting on the response can now be called from any sample
expression or log-format string in a tcp-check based ruleset. To avoid any
ambiguities, all these sample fetches are in the check scope, for instance
check.hdr() or check.cook().
SSL sample fetches acting on the server connection can now be called from any
sample expression or log-format string in a tcp-check based ruleset. ssl_bc and
ssl_bc_* sample fetches are concerned.
It is now possible to call be_id, be_name, srv_id and srv_name sample fetches
from any sample expression or log-format string in a tcp-check based ruleset.
It is now possible to call check.payload(), check.payload_lv() and check.len()
sample fetches from any sample expression or log-format string in a tcp-check
based ruleset. In fact, check.payload() was already added. But instead of having
a specific function to handle this sample fetch, we use the same than
req.payload().
These sample fetches act on the check input buffer, containing data received for
the server. So it should be part of or after an expect rule, but before any send
rule. Because the input buffer is cleared at this stage.
Only one Host header can be defined and some headers are automatically skipped
(Connection, Content-Length and Transfer-Encoding). In addition, a note about
the synchronisation of the Host header value and the request uri has been added.
The documentation for check implies that without an application
level check configured, it only enables simple tcp checks. What it
actually does is verify that the configured transport layer is available,
and that optional application level checks succeed.
It can be sometimes useful to measure total time of a request as seen
from an end user, including TCP/TLS negotiation, server response time
and transfer time. "Tt" currently provides something close to that, but
it also takes client idle time into account, which is problematic for
keep-alive requests as idle time can be very long. "Ta" is also not
sufficient as it hides TCP/TLS negotiationtime. To improve that, introduce
a "Tu" timer, without idle time and everything else. It roughly estimates
time spent time spent from user point of view (without DNS resolution
time), assuming network latency is the same in both directions.
It is now possible to match on a comma-separated list of status codes or range
of codes. In addtion, instead of a string comparison to match the response's
status code, a integer comparison is performed. Here is an example:
http-check expect status 200,201,300-310
It is now possible to force the mux protocol for a tcp-check based health check
using the server keyword "check-proto". If set, this parameter overwrites the
server one.
In the same way, a "proto" parameter has been added for tcp-check and http-check
connect rules. If set, this mux protocol overwrites all others for the current
connection.
The documentation about the comment argument for some tcp-check and http-check
directives was missing. As well as the description of "tcp-check comment" and
"http-check comment" directives.
When a tcp-check connect rule is evaluated, the mux protocol corresponding to
the health-check is chosen. So for TCP based health-checks, the mux-pt is
used. For HTTP based health-checks, the mux-h1 is used. The connection is marked
as private to be sure to not ruse regular HTTP connection for
health-checks. Connections reuse will be evaluated later.
The functions evaluating HTTP send rules and expect rules have been updated to
be HTX compliant. The main change for users is that HTTP health-checks are now
stricter on the HTTP message format. While before, the HTTP formatting and
parsing were minimalist, now messages should be well formatted.
HTTP health-checks are now internally based on tcp-checks. Of course all the
configuration parsing of the "http-check" keyword and the httpchk option has
been rewritten. But the main changes is that now, as for tcp-check ruleset, it
is possible to perform several send/expect sequences into the same
health-checks. Thus the connect rule is now also available from HTTP checks, jst
like set-var, unset-var and comment rules.
Because the request defined by the "option httpchk" line is used for the first
request only, it is now possible to set the method, the uri and the version on a
"http-check send" line.
All tcp-check rules are now stored in the globla shared list. The ones created
to parse a specific protocol, for instance redis, are already stored in this
list. Now pure tcp-check rules are also stored in it. The ruleset name is
created using the proxy name and its config file and line. tcp-check rules
declared in a defaults section are also stored this way using "defaults" as
proxy name.
For now, all tcp-check ruleset are stored in a list. But it could be a bit slow
to looks for a specific ruleset with a huge number of backends. So, it could be
a good idea to use a tree instead.
It is now possible to specified the healthcheck status to use on success of a
tcp-check rule, if it is the last evaluated rule. The option "ok-status"
supports "L4OK", "L6OK", "L7OK" and "L7OKC" status.
This option defines a sample expression, evaluated as an integer, to set the
status code (check->code) if a tcp-check healthcheck ends on the corresponding
expect rule.
These options define log-format strings used to produce the info message if a
tcp-check expect rule fails (on-error option) or succeeds (on-success
option). For this last option, it must be the ending rule, otherwise the
parameter is ignored.
It is now possible to extract information from the check input buffer using the
check.payload sample fetch. As req.payload or res.payload, an offset and a
length must be specified.
A new section has been added in the configuration manual. Now check sample
fetches will have to be documented under the section 7.3.7 (Fetching
health-check samples).
It is now possible to specified the healthcheck status to use on error or on
timeout for tcp-check expect rules. First, to define the error status, the
option "error-status" must be used followed by "L4CON", "L6RSP", "L7RSP" or
"L7STS". Then, to define the timeout status, the option "tout-status" must be
used followed by "L4TOUT", "L6TOUT" or "L7TOUT".
These options will be used to convert specific protocol healthchecks (redis,
pgsql...) to tcp-check ones.
x
This converter tranform a integer to its binary representation in the network
byte order. Integer are already automatically converted to binary during sample
expression evaluation. But because samples own 8-bytes integers, the conversion
produces 8 bytes. the htonl converter do the same but for 4-bytes integer.
Since we have a session attached to tcp-check healthchecks, It is possible use
sample expression and variables. In addition, it is possible to add tcp-check
set-var rules to define custom variables. So, now, a sample expression can be
used to define the port to use to establish a connection for a tcp-check connect
rule. For instance:
tcp-check set-var(check.port) int(8888)
tcp-check connect port var(check.port)
With this option, it is now possible to use a specific address to open the
connection for a tcp-check connect rule. If the port option is also specified,
it is used in priority.
With this option, it is possible to open a connection from a tcp-check connect
rule using all parameter of the server line, like any other healthcheck. For
now, this parameter is exclusive with all other option for a tcp-check connect
rule.
With this option, it is possible to establish the connection opened by a
tcp-check connect rule using upstream socks4 proxy. Info from the socks4
parameter on the server are used.
Evaluate the registered action_ptr associated with each CHK_ACTION_KW rules from
a ruleset. Currently only the 'set-var' and 'unset-var' are parsed by the
tcp-check parser. Thus it is now possible to set or unset variables. It is
possible to use such rules before the first connect of the ruleset.
The rbinary match works similarly to the rstring match type, however the
received data is rewritten as hex-string before the match operation is
done.
This allows using regexes on binary content even with the POSIX regex
engine.
[Cf: I slightly updated the patch. mem2hex function was removed and dump_binary
is used instead.]
Allow declaring tcpcheck connect commands with a new parameter,
"linger". This option will configure the connection to avoid using an
RST segment to close, instead following the four-way termination
handshake. Some servers would otherwise log each healthcheck as
an error.
Some expect rules cannot be satisfied due to inherent ambiguity towards
the received data: in the absence of match, the current behavior is to
be forced to wait either the end of the connection or a buffer full,
whichever comes first. Only then does the matching diagnostic is
considered conclusive. For instance :
tcp-check connect
tcp-check expect !rstring "^error"
tcp-check expect string "valid"
This check will only succeed if the connection is closed by the server before
the check timeout. Otherwise the first expect rule will wait for more data until
"^error" regex matches or the check expires.
Allow the user to explicitly define an amount of data that will be
considered enough to determine the value of the check.
This allows succeeding on negative rstring rules, as previously
in valid condition no match happened, and the matching was repeated
until the end of the connection. This could timeout the check
while no error was happening.
[Cf: I slighly updated the patch. The parameter was renamed and the value is a
signed integer to support -1 as default value to ignore the parameter.]
The 'http-check send' directive have been added to add headers and optionnaly a
payload to the request sent during HTTP healthchecks. The request line may be
customized by the "option httpchk" directive but there was not official way to
add extra headers. An old trick consisted to hide these headers at the end of
the version string, on the "option httpchk" line. And it was impossible to add
an extra payload with an "http-check expect" directive because of the
"Connection: close" header appended to the request (See issue #16 for details).
So to make things official and fully support payload additions, the "http-check
send" directive have been added :
option httpchk POST /status HTTP/1.1
http-check send hdr Content-Type "application/json;charset=UTF-8" \
hdr X-test-1 value1 hdr X-test-2 value2 \
body "{id: 1, field: \"value\"}"
When a payload is defined, the Content-Length header is automatically added. So
chunk-encoded requests are not supported yet. For now, there is no special
validity checks on the extra headers.
This patch is inspired by Kiran Gavali's work. It should fix the issue #16 and
as far as possible, it may be backported, at least as far as 1.8.
The documentation for option logasap misleads into thinking it is
only valid for mode http. It is actually valid for mode tcp too,
so this patch tries to disambiguate the current wording.
The url_decode() function used by the url_dec converter and a few other
call points is ambiguous on its processing of the '+' character which
itself isn't stable in the spec. This one belongs to the reserved
characters for the query string but not for the path nor the scheme,
in which it must be left as-is. It's only in argument strings that
follow the application/x-www-form-urlencoded encoding that it must be
turned into a space, that is, in query strings and POST arguments.
The problem is that the function is used to process full URLs and
paths in various configs, and to process query strings from the stats
page for example.
This patch updates the function to differentiate the situation where
it's parsing a path and a query string. A new argument indicates if a
query string should be assumed, otherwise it's only assumed after seeing
a question mark.
The various locations in the code making use of this function were
updated to take care of this (most call places were using it to decode
POST arguments).
The url_dec converter is usually called on path or url samples, so it
needs to remain compatible with this and will default to parsing a path
and turning the '+' to a space only after a question mark. However in
situations where it would explicitly be extracted from a POST or a
query string, it now becomes possible to enforce the decoding by passing
a non-null value in argument.
It seems to be what was reported in issue #585. This fix may be
backported to older stable releases.
This option activate the feature introduce in commit 16739778:
"MINOR: ssl: skip self issued CA in cert chain for ssl_ctx".
The patch disable the feature per default.
This patch adds more explanation on how to use "http-request set-src"
and a link to "option forwardfor".
This patch can be applied to all previous version starting at 1.6
Reviewed-by: Tim Duesterhus <tim@bastelstu.be>
