]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7de211c) | patch
BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations
authorCyril Bonté <cyril.bonte@free.fr>
Tue, 29 May 2012 21:27:41 +0000 (23:27 +0200)
committerWilly Tarreau <w@1wt.eu>
Wed, 30 May 2012 04:43:24 +0000 (06:43 +0200)
commita32d275ab0bd078b94d34d67a6a297e4968eff43
tree4513c36e080ac7555736da5f7ab2b520ac24df81tree | snapshot
parent7de211c88b77594f9a4146e59b37175f33f5a189commit | diff
BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations

When "option forwardfor" is enabled in a frontend that uses backends,
"if-none" ignores the header name provided in the frontend.
This prevents haproxy to add the X-Forwarded-For header if the option is not
used in the backend.

This may introduce security issues for servers/applications that rely on the
header provided by haproxy.

A minimal configuration which can reproduce the bug:
defaults
mode http

listen OK
bind :9000

option forwardfor if-none
server s1 127.0.0.1:80

listen BUG-frontend
bind :9001

option forwardfor if-none

default_backend BUG-backend

backend BUG-backend
server s1 127.0.0.1:80
src/proto_http.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git