BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations

When "option forwardfor" is enabled in a frontend that uses backends,
"if-none" ignores the header name provided in the frontend.
This prevents haproxy from adding the X-Forwarded-For header if the option is not
used in the backend.

This may introduce security issues for servers/applications that rely on the
header provided by haproxy.

A minimal configuration which can reproduce the bug:
defaults
	mode http

listen OK
	bind :9000

	option forwardfor if-none
	server s1 127.0.0.1:80

listen BUG-frontend
	bind :9001

	option forwardfor if-none

	default_backend BUG-backend

backend BUG-backend
	server s1 127.0.0.1:80
Cyril Bonté 2012-05-29 23:27:41 +02:00 committed by Willy Tarreau
parent 7de211c88b
commit a32d275ab0
@ -3249,9 +3249,10 @@ int http_process_request(struct session *s, struct buffer *req, int an_bit)
*/
if ((s->fe->options | s->be->options) & PR_O_FWDFOR) {
struct hdr_ctx ctx = { .idx = 0 };
if (!((s->fe->options | s->be->options) & PR_O_FF_ALWAYS) &&
http_find_header2(s->be->fwdfor_hdr_name, s->be->fwdfor_hdr_len, req->p, &txn->hdr_idx, &ctx)) {
http_find_header2(s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_name : s->fe->fwdfor_hdr_name,
s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_len : s->fe->fwdfor_hdr_len,
req->p, &txn->hdr_idx, &ctx)) {
/* The header is set to be added only if none is present
* and we found it, so don't do anything.
*/
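Review bot: the header name and length are selected with the same `s->be->fwdfor_hdr_len ?` condition written twice in the `http_find_header2()` call; hoist them into two locals (e.g. `const char *ff_name; int ff_len;`) before the `if` so the pair cannot drift apart, and so any later code in this function that appends the header can reuse the same chosen name rather than repeating the precedence rule. Note also that the precedence is "backend name wins": when both the frontend and the backend enable `option forwardfor` with different header names, only the backend's name is searched for, so a request already carrying the frontend's header name is not detected by the `if-none` check and a second header with the backend's name will be added. If that is intended, a comment stating that the backend's header name takes precedence over the frontend's would save the next reader from re-deriving it from the ternaries.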