BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations
author: Cyril Bonté <cyril.bonte@free.fr>
Tue, 29 May 2012 21:27:41 +0000 (23:27 +0200)
committer: Willy Tarreau <w@1wt.eu>
Wed, 30 May 2012 04:43:24 +0000 (06:43 +0200)
When "option forwardfor" is enabled in a frontend that uses backends,
"if-none" ignores the header name provided in the frontend.
This prevents haproxy from adding the X-Forwarded-For header if the option is not
used in the backend.

This may introduce security issues for servers/applications that rely on the
header provided by haproxy.

A minimal configuration which can reproduce the bug:

defaults
    mode http

listen OK
    bind :9000
    option forwardfor if-none
    server s1 127.0.0.1:80

listen BUG-frontend
    bind :9001
    option forwardfor if-none
    default_backend BUG-backend

backend BUG-backend
    server s1 127.0.0.1:80

src/proto_http.c

index 7cf413d77c99820d026d172a840e66756f8264ba..b41b70a5b436fb7dad072d7a0b9f76ef126bc66c 100644 (file)
@@ -3249,9 +3249,10 @@ int http_process_request(struct session *s, struct buffer *req, int an_bit)
         */
        if ((s->fe->options | s->be->options) & PR_O_FWDFOR) {
                struct hdr_ctx ctx = { .idx = 0 };
-
                if (!((s->fe->options | s->be->options) & PR_O_FF_ALWAYS) &&
-                   http_find_header2(s->be->fwdfor_hdr_name, s->be->fwdfor_hdr_len, req->p, &txn->hdr_idx, &ctx)) {
+                       http_find_header2(s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_name : s->fe->fwdfor_hdr_name,
+                                         s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_len : s->fe->fwdfor_hdr_len,
+                                         req->p, &txn->hdr_idx, &ctx)) {
                        /* The header is set to be added only if none is present
                         * and we found it, so don't do anything.
                         */
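Review bot: the two ternaries on the `http_find_header2()` call select the header name and its length independently, so a future edit to one of them can silently desynchronise the pair; compute the choice once before the `if` and pass the two locals, e.g. `const char *ff_name = s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_name : s->fe->fwdfor_hdr_name;` and `int ff_len = s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_len : s->fe->fwdfor_hdr_len;`. Those same locals should also be used by the code that later appends the header, which is outside this hunk: the "if-none" lookup and the insertion must agree on the name, otherwise the lookup could find the frontend's header name while the insertion adds a different one (or none), which is the class of problem the commit message describes. Using `fwdfor_hdr_len` as the "backend defined it" test relies on the length being zero whenever the backend has no `option forwardfor`; a short comment above the `if` stating that invariant would help the next reader.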