MEDIUM: http: Ignore http-tunnel option on backend
This option is frontends specific, so there is no reason to support it on
backends. So now, it is ignored if it is set on a backend and a warning is
emitted during the startup. The change is quite trivial, but the commit is
tagged as MEDIUM because it is a small breakage with previous versions and
configurations using this options could emit a warning now.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index a589f50..f0999d6 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -1994,7 +1994,8 @@
- TUN: tunnel ("option http-tunnel") : this was the default mode for versions
1.0 to 1.5-dev21 : only the first request and response are processed, and
everything else is forwarded with no analysis at all. This mode should not
- be used as it creates lots of trouble with logging and HTTP processing.
+ be used as it creates lots of trouble with logging and HTTP processing. It
+ is supported only on frontends.
- PCL: passive close ("option httpclose") : exactly the same as tunnel mode,
but with "Connection: close" appended in both directions to try to make
@@ -2012,19 +2013,19 @@
following matrix, but in short, the modes are symmetric, keep-alive is the
weakest option and force close is the strongest.
- Backend mode
+ Backend mode
- | KAL | TUN | PCL | SCL | FCL
- ----+-----+-----+-----+-----+----
- KAL | KAL | TUN | PCL | SCL | FCL
- ----+-----+-----+-----+-----+----
- TUN | TUN | TUN | PCL | SCL | FCL
- Frontend ----+-----+-----+-----+-----+----
- mode PCL | PCL | PCL | PCL | FCL | FCL
- ----+-----+-----+-----+-----+----
- SCL | SCL | SCL | FCL | SCL | FCL
- ----+-----+-----+-----+-----+----
- FCL | FCL | FCL | FCL | FCL | FCL
+ | KAL | PCL | SCL | FCL
+ ----+-----+-----+-----+----
+ KAL | KAL | PCL | SCL | FCL
+ ----+-----+-----+-----+----
+ TUN | TUN | PCL | SCL | FCL
+ Frontend ----+-----+-----+-----+----
+ mode PCL | PCL | PCL | FCL | FCL
+ ----+-----+-----+-----+----
+ SCL | SCL | FCL | SCL | FCL
+ ----+-----+-----+-----+----
+ FCL | FCL | FCL | FCL | FCL
@@ -2118,7 +2119,7 @@
option http-no-delay (*) X X X X
option http-pretend-keepalive (*) X - X X
option http-server-close (*) X X X X
-option http-tunnel (*) X X X X
+option http-tunnel (*) X X X -
option http-use-proxy-header (*) X X X -
option httpchk X - X X
option httpclose (*) X X X X
@@ -5989,7 +5990,7 @@
no option http-tunnel
Disable or enable HTTP connection processing after first transaction
May be used in sections : defaults | frontend | listen | backend
- yes | yes | yes | yes
+ yes | yes | yes | no
Arguments : none
By default HAProxy operates in keep-alive mode with regards to persistent
@@ -6009,6 +6010,11 @@
cookie processing or content switching will only work for the first request
and will be ignored after the first response.
+ This option may be set on frontend and listen sections. Using it on a backend
+ section will be ignored and a warning will be reported during the startup. It
+ is a frontend related option, so there is no real reason to set it on a
+ backend.
+
If this option has been enabled in a "defaults" section, it can be disabled
in a specific instance by prepending the "no" keyword before it.
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 2ac22b5..1e73e32 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -4761,6 +4761,10 @@
}
}
else if (strcmp(args[1], "http-tunnel") == 0) {
+ if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[1], NULL)) {
+ err_code |= ERR_WARN;
+ goto out;
+ }
if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
goto out;
if (kwm == KWM_STD) {