From 1ecf2e9babe9d2505cebfc9e0f64454be66c2905 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Wed, 11 Jun 2025 18:26:10 +0200
Subject: [PATCH] BUG/MINOR: config/server: reject QUIC addresses

QUIC is not implemented on the backend side. To prevent any issue, it is
better to reject any server configured which uses it. This is done via
_srv_parse_init() which is used both for static and dynamic servers.

This should be backported up to all stable versions.
---
 src/server.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/server.c b/src/server.c
index fc886c917..1bef0e39f 100644
--- a/src/server.c
+++ b/src/server.c
@@ -3596,6 +3596,14 @@ static int _srv_parse_init(struct server **srv, char **args, int *cur_arg,
 			goto out;
 		}
 
+#ifdef USE_QUIC
+		if (newsrv->addr_type.proto_type == PROTO_TYPE_DGRAM &&
+		    newsrv->addr_type.xprt_type == PROTO_TYPE_STREAM) {
+			ha_alert("QUIC protocol is unsupported on the backend side.\n");
+			goto out;
+		}
+#endif
+
 		if (!port1 || !port2) {
 			if (sk->ss_family != AF_CUST_RHTTP_SRV) {
 				/* no port specified, +offset, -offset */
-- 
2.47.3