Merge ~hloeung/content-cache-charm:master into content-cache-charm:master

Proposed by Haw Loeung
Status: Superseded
Proposed branch: ~hloeung/content-cache-charm:master
Merge into: content-cache-charm:master
Diff against target: 590 lines (+60/-60)
15 files modified
reactive/content_cache.py (+1/-1)
tests/unit/files/config_test_config.txt (+1/-1)
tests/unit/files/config_test_sites_map.txt (+1/-1)
tests/unit/files/content_cache_rendered_haproxy_test_output.txt (+10/-10)
tests/unit/files/content_cache_rendered_haproxy_test_output2.txt (+1/-1)
tests/unit/files/content_cache_rendered_haproxy_test_output3.txt (+1/-1)
tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt (+10/-10)
tests/unit/files/content_cache_rendered_haproxy_test_output_backup.txt (+1/-1)
tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt (+10/-10)
tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt (+10/-10)
tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt (+10/-10)
tests/unit/files/content_cache_rendered_haproxy_test_output_srv_template.txt (+1/-1)
tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt (+1/-1)
tests/unit/files/haproxy_config_rendered_test_output.txt (+1/-1)
tests/unit/files/haproxy_config_rendered_test_output2.txt (+1/-1)
Reviewer Review Type Date Requested Status
Canonical IS Reviewers Pending
Content Cache Charmers Pending
Review via email: mp+397694@code.launchpad.net

This proposal has been superseded by a proposal from 2021-02-08.

Commit message

Exclude 127.0.0.1 from X-Forward-For headers

To post a comment you must log in.
Revision history for this message
Haw Loeung (hloeung) wrote :

A real fix is to set a new header with the client's IP and update Nginx to log that. I'll do that in another MP.

Revision history for this message
Canonical IS Mergebot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Unmerged commits

66c3a16... by Haw Loeung

Exclude 127.0.0.1 from X-Forward-For headers

Newer HAProxy, as seen with upgrade from 2.2.3 to 2.2.9, includes
127.0.0.1 in the X-Forward-For headers. This gets logged by Nginx.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/reactive/content_cache.py b/reactive/content_cache.py
2index ec681d6..8b9cc63 100644
3--- a/reactive/content_cache.py
4+++ b/reactive/content_cache.py
5@@ -281,7 +281,7 @@ def configure_haproxy(): # NOQA: C901 LP#1825084
6 # Also, for caching layer, we want higher fall count as it's less
7 # likely the caching layer is down, 2 mins here (inter * fall).
8 new_cached_loc_conf['backend-fall-count'] = 60
9- new_cached_loc_conf['backend-options'] = ['forwardfor']
10+ new_cached_loc_conf['backend-options'] = ['forwardfor except 127.0.0.1']
11
12 # No backends
13 if not site_conf['locations'][location].get('backends'):
14diff --git a/tests/unit/files/config_test_config.txt b/tests/unit/files/config_test_config.txt
15index bae4473..688b8af 100644
16--- a/tests/unit/files/config_test_config.txt
17+++ b/tests/unit/files/config_test_config.txt
18@@ -46,7 +46,7 @@ site3.local:
19 /:
20 backends: *BACKENDS
21 backend-options:
22- - forwardfor except 127.0.0.1
23+ - forwardfor except 127.0.0.1 192.168.1.1
24 - forceclose
25 cache-maxconn: 4096
26
27diff --git a/tests/unit/files/config_test_sites_map.txt b/tests/unit/files/config_test_sites_map.txt
28index 7158e24..6f130c7 100644
29--- a/tests/unit/files/config_test_sites_map.txt
30+++ b/tests/unit/files/config_test_sites_map.txt
31@@ -39,7 +39,7 @@ site3.local:
32 locations:
33 /:
34 backend-options:
35- - forwardfor except 127.0.0.1
36+ - forwardfor except 127.0.0.1 192.168.1.1
37 - forceclose
38 backend_port: 8082
39 backends:
40diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
41index 9f6292d..73396fb 100644
42--- a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
43+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt
44@@ -155,7 +155,7 @@ listen site9-local
45 default_backend backend-site9-local
46
47 backend backend-cached-site1-local
48- option forwardfor
49+ option forwardfor except 127.0.0.1
50 option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
51 http-request set-header Host site1.local
52 balance leastconn
53@@ -171,7 +171,7 @@ backend backend-site1-local
54 server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200
55
56 backend backend-cached-site2-local
57- option forwardfor
58+ option forwardfor except 127.0.0.1
59 option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
60 http-request set-header Host site2.local
61 balance leastconn
62@@ -187,14 +187,14 @@ backend backend-site2-local
63 server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
64
65 backend backend-cached-site3-local
66- option forwardfor
67+ option forwardfor except 127.0.0.1
68 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
69 http-request set-header Host site3.local
70 balance leastconn
71 server server_1 127.0.0.1:6082 check inter 2s rise 2 fall 60 maxconn 4096
72
73 backend backend-site3-local
74- option forwardfor except 127.0.0.1
75+ option forwardfor except 127.0.0.1 192.168.1.1
76 option forceclose
77 option redispatch 1
78 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
79@@ -205,14 +205,14 @@ backend backend-site3-local
80 server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200
81
82 backend backend-cached-site4-local
83- option forwardfor
84+ option forwardfor except 127.0.0.1
85 option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk
86 http-request set-header Host site4.local
87 balance leastconn
88 server server_1 127.0.0.1:6083 check inter 2s rise 2 fall 60 maxconn 200
89
90 backend backend-cached-site5
91- option forwardfor
92+ option forwardfor except 127.0.0.1
93 option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk
94 http-request set-header Host site5.local
95 balance leastconn
96@@ -233,7 +233,7 @@ backend backend-site5-2
97 server server_1 127.0.1.11:80 check inter 5s rise 2 fall 5 maxconn 200
98
99 backend backend-cached-site6-local
100- option forwardfor
101+ option forwardfor except 127.0.0.1
102 option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk
103 http-request set-header Host site6.local
104 balance leastconn
105@@ -247,7 +247,7 @@ backend backend-site6-local
106 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt
107
108 backend backend-cached-site7-local
109- option forwardfor
110+ option forwardfor except 127.0.0.1
111 option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk
112 http-request set-header Host site7.local
113 balance leastconn
114@@ -261,7 +261,7 @@ backend backend-site7-local
115 server server_1 127.0.1.10:80 check inter 5s rise 2 fall 5 maxconn 200
116
117 backend backend-cached-site8-local
118- option forwardfor
119+ option forwardfor except 127.0.0.1
120 option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk
121 http-request set-header Host site8.local
122 balance leastconn
123@@ -282,7 +282,7 @@ backend backend-site8-local-2
124 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt
125
126 backend backend-cached-site9-local
127- option forwardfor
128+ option forwardfor except 127.0.0.1
129 option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk
130 http-request set-header Host site9.local
131 balance leastconn
132diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output2.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output2.txt
133index 22ddfcd..dfabf9f 100644
134--- a/tests/unit/files/content_cache_rendered_haproxy_test_output2.txt
135+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output2.txt
136@@ -90,7 +90,7 @@ listen site1-local
137 default_backend backend-site1-local
138
139 backend backend-cached-site1-local
140- option forwardfor
141+ option forwardfor except 127.0.0.1
142 option httpchk HEAD / HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
143 http-request set-header Host site1.local
144 balance leastconn
145diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output3.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output3.txt
146index dd8a6f7..b79fe04 100644
147--- a/tests/unit/files/content_cache_rendered_haproxy_test_output3.txt
148+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output3.txt
149@@ -96,7 +96,7 @@ listen site1-local
150 default_backend backend-site1-local
151
152 backend backend-cached-site1-local
153- option forwardfor
154+ option forwardfor except 127.0.0.1
155 option httpchk HEAD / HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
156 http-request set-header Host site1.local
157 balance leastconn
158diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
159index 8de817a..c77b9dc 100644
160--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
161+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt
162@@ -155,7 +155,7 @@ listen site9-local
163 default_backend backend-site9-local
164
165 backend backend-cached-site1-local
166- option forwardfor
167+ option forwardfor except 127.0.0.1
168 option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
169 http-request set-header Host site1.local
170 balance leastconn
171@@ -171,7 +171,7 @@ backend backend-site1-local
172 server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200
173
174 backend backend-cached-site2-local
175- option forwardfor
176+ option forwardfor except 127.0.0.1
177 option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
178 http-request set-header Host site2.local
179 balance leastconn
180@@ -187,14 +187,14 @@ backend backend-site2-local
181 server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
182
183 backend backend-cached-site3-local
184- option forwardfor
185+ option forwardfor except 127.0.0.1
186 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
187 http-request set-header Host site3.local
188 balance leastconn
189 server server_1 127.0.0.1:6082 check inter 2s rise 2 fall 60 maxconn 4096
190
191 backend backend-site3-local
192- option forwardfor except 127.0.0.1
193+ option forwardfor except 127.0.0.1 192.168.1.1
194 option forceclose
195 option redispatch 1
196 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
197@@ -205,14 +205,14 @@ backend backend-site3-local
198 server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200
199
200 backend backend-cached-site4-local
201- option forwardfor
202+ option forwardfor except 127.0.0.1
203 option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk
204 http-request set-header Host site4.local
205 balance leastconn
206 server server_1 127.0.0.1:6083 check inter 2s rise 2 fall 60 maxconn 200
207
208 backend backend-cached-site5
209- option forwardfor
210+ option forwardfor except 127.0.0.1
211 option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk
212 http-request set-header Host site5.local
213 balance leastconn
214@@ -233,7 +233,7 @@ backend backend-site5-2
215 server server_1 127.0.1.11:80 check inter 5s rise 2 fall 5 maxconn 200
216
217 backend backend-cached-site6-local
218- option forwardfor
219+ option forwardfor except 127.0.0.1
220 option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk
221 http-request set-header Host site6.local
222 balance leastconn
223@@ -247,7 +247,7 @@ backend backend-site6-local
224 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt
225
226 backend backend-cached-site7-local
227- option forwardfor
228+ option forwardfor except 127.0.0.1
229 option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk
230 http-request set-header Host site7.local
231 balance leastconn
232@@ -261,7 +261,7 @@ backend backend-site7-local
233 server server_1 127.0.1.10:80 check inter 5s rise 2 fall 5 maxconn 200
234
235 backend backend-cached-site8-local
236- option forwardfor
237+ option forwardfor except 127.0.0.1
238 option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk
239 http-request set-header Host site8.local
240 balance leastconn
241@@ -282,7 +282,7 @@ backend backend-site8-local-2
242 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt
243
244 backend backend-cached-site9-local
245- option forwardfor
246+ option forwardfor except 127.0.0.1
247 option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk
248 http-request set-header Host site9.local
249 balance leastconn
250diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_backup.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_backup.txt
251index aaf84c5..47980cb 100644
252--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_backup.txt
253+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_backup.txt
254@@ -95,7 +95,7 @@ listen site1-local-2
255 default_backend backend-site1-local-2
256
257 backend backend-cached-site1-local
258- option forwardfor
259+ option forwardfor except 127.0.0.1
260 option httpchk HEAD / HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
261 http-request set-header Host site1.local
262 balance leastconn
263diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt
264index 29451b9..eb9f1cf 100644
265--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt
266+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt
267@@ -155,7 +155,7 @@ listen site9-local
268 default_backend backend-site9-local
269
270 backend backend-cached-site1-local
271- option forwardfor
272+ option forwardfor except 127.0.0.1
273 option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
274 http-request set-header Host site1.local
275 balance roundrobin
276@@ -171,7 +171,7 @@ backend backend-site1-local
277 server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200
278
279 backend backend-cached-site2-local
280- option forwardfor
281+ option forwardfor except 127.0.0.1
282 option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
283 http-request set-header Host site2.local
284 balance roundrobin
285@@ -187,14 +187,14 @@ backend backend-site2-local
286 server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
287
288 backend backend-cached-site3-local
289- option forwardfor
290+ option forwardfor except 127.0.0.1
291 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
292 http-request set-header Host site3.local
293 balance roundrobin
294 server server_1 127.0.0.1:6082 check inter 2s rise 2 fall 60 maxconn 4096
295
296 backend backend-site3-local
297- option forwardfor except 127.0.0.1
298+ option forwardfor except 127.0.0.1 192.168.1.1
299 option forceclose
300 option redispatch 1
301 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
302@@ -205,14 +205,14 @@ backend backend-site3-local
303 server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200
304
305 backend backend-cached-site4-local
306- option forwardfor
307+ option forwardfor except 127.0.0.1
308 option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk
309 http-request set-header Host site4.local
310 balance roundrobin
311 server server_1 127.0.0.1:6083 check inter 2s rise 2 fall 60 maxconn 200
312
313 backend backend-cached-site5
314- option forwardfor
315+ option forwardfor except 127.0.0.1
316 option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk
317 http-request set-header Host site5.local
318 balance roundrobin
319@@ -233,7 +233,7 @@ backend backend-site5-2
320 server server_1 127.0.1.11:80 check inter 5s rise 2 fall 5 maxconn 200
321
322 backend backend-cached-site6-local
323- option forwardfor
324+ option forwardfor except 127.0.0.1
325 option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk
326 http-request set-header Host site6.local
327 balance roundrobin
328@@ -247,7 +247,7 @@ backend backend-site6-local
329 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt
330
331 backend backend-cached-site7-local
332- option forwardfor
333+ option forwardfor except 127.0.0.1
334 option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk
335 http-request set-header Host site7.local
336 balance roundrobin
337@@ -261,7 +261,7 @@ backend backend-site7-local
338 server server_1 127.0.1.10:80 check inter 5s rise 2 fall 5 maxconn 200
339
340 backend backend-cached-site8-local
341- option forwardfor
342+ option forwardfor except 127.0.0.1
343 option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk
344 http-request set-header Host site8.local
345 balance roundrobin
346@@ -282,7 +282,7 @@ backend backend-site8-local-2
347 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt
348
349 backend backend-cached-site9-local
350- option forwardfor
351+ option forwardfor except 127.0.0.1
352 option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk
353 http-request set-header Host site9.local
354 balance roundrobin
355diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt
356index ea91f8d..1262349 100644
357--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt
358+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt
359@@ -156,7 +156,7 @@ listen site9-local
360 default_backend backend-site9-local
361
362 backend backend-cached-site1-local
363- option forwardfor
364+ option forwardfor except 127.0.0.1
365 option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
366 http-request set-header Host site1.local
367 balance leastconn
368@@ -172,7 +172,7 @@ backend backend-site1-local
369 server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200
370
371 backend backend-cached-site2-local
372- option forwardfor
373+ option forwardfor except 127.0.0.1
374 option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
375 http-request set-header Host site2.local
376 balance leastconn
377@@ -188,14 +188,14 @@ backend backend-site2-local
378 server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
379
380 backend backend-cached-site3-local
381- option forwardfor
382+ option forwardfor except 127.0.0.1
383 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
384 http-request set-header Host site3.local
385 balance leastconn
386 server server_1 127.0.0.1:6082 check inter 2s rise 2 fall 60 maxconn 4096
387
388 backend backend-site3-local
389- option forwardfor except 127.0.0.1
390+ option forwardfor except 127.0.0.1 192.168.1.1
391 option forceclose
392 option redispatch 1
393 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
394@@ -206,14 +206,14 @@ backend backend-site3-local
395 server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200
396
397 backend backend-cached-site4-local
398- option forwardfor
399+ option forwardfor except 127.0.0.1
400 option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk
401 http-request set-header Host site4.local
402 balance leastconn
403 server server_1 127.0.0.1:6083 check inter 2s rise 2 fall 60 maxconn 200
404
405 backend backend-cached-site5
406- option forwardfor
407+ option forwardfor except 127.0.0.1
408 option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk
409 http-request set-header Host site5.local
410 balance leastconn
411@@ -234,7 +234,7 @@ backend backend-site5-2
412 server server_1 127.0.1.11:80 check inter 5s rise 2 fall 5 maxconn 200
413
414 backend backend-cached-site6-local
415- option forwardfor
416+ option forwardfor except 127.0.0.1
417 option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk
418 http-request set-header Host site6.local
419 balance leastconn
420@@ -248,7 +248,7 @@ backend backend-site6-local
421 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt
422
423 backend backend-cached-site7-local
424- option forwardfor
425+ option forwardfor except 127.0.0.1
426 option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk
427 http-request set-header Host site7.local
428 balance leastconn
429@@ -262,7 +262,7 @@ backend backend-site7-local
430 server server_1 127.0.1.10:80 check inter 5s rise 2 fall 5 maxconn 200
431
432 backend backend-cached-site8-local
433- option forwardfor
434+ option forwardfor except 127.0.0.1
435 option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk
436 http-request set-header Host site8.local
437 balance leastconn
438@@ -283,7 +283,7 @@ backend backend-site8-local-2
439 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt
440
441 backend backend-cached-site9-local
442- option forwardfor
443+ option forwardfor except 127.0.0.1
444 option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk
445 http-request set-header Host site9.local
446 balance leastconn
447diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt
448index ef0a365..e62c94d 100644
449--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt
450+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt
451@@ -155,7 +155,7 @@ listen site9-local
452 default_backend backend-site9-local
453
454 backend backend-cached-site1-local
455- option forwardfor
456+ option forwardfor except 127.0.0.1
457 option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
458 http-request set-header Host site1.local
459 balance leastconn
460@@ -172,7 +172,7 @@ backend backend-site1-local
461 server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200
462
463 backend backend-cached-site2-local
464- option forwardfor
465+ option forwardfor except 127.0.0.1
466 option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk
467 http-request set-header Host site2.local
468 balance leastconn
469@@ -189,14 +189,14 @@ backend backend-site2-local
470 server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
471
472 backend backend-cached-site3-local
473- option forwardfor
474+ option forwardfor except 127.0.0.1
475 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
476 http-request set-header Host site3.local
477 balance leastconn
478 server server_1 127.0.0.1:6082 check inter 2s rise 2 fall 60 maxconn 4096
479
480 backend backend-site3-local
481- option forwardfor except 127.0.0.1
482+ option forwardfor except 127.0.0.1 192.168.1.1
483 option forceclose
484 retry-on all-retryable-errors
485 option redispatch 1
486@@ -208,14 +208,14 @@ backend backend-site3-local
487 server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200
488
489 backend backend-cached-site4-local
490- option forwardfor
491+ option forwardfor except 127.0.0.1
492 option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk
493 http-request set-header Host site4.local
494 balance leastconn
495 server server_1 127.0.0.1:6083 check inter 2s rise 2 fall 60 maxconn 200
496
497 backend backend-cached-site5
498- option forwardfor
499+ option forwardfor except 127.0.0.1
500 option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk
501 http-request set-header Host site5.local
502 balance leastconn
503@@ -238,7 +238,7 @@ backend backend-site5-2
504 server server_1 127.0.1.11:80 check inter 5s rise 2 fall 5 maxconn 200
505
506 backend backend-cached-site6-local
507- option forwardfor
508+ option forwardfor except 127.0.0.1
509 option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk
510 http-request set-header Host site6.local
511 balance leastconn
512@@ -253,7 +253,7 @@ backend backend-site6-local
513 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt
514
515 backend backend-cached-site7-local
516- option forwardfor
517+ option forwardfor except 127.0.0.1
518 option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk
519 http-request set-header Host site7.local
520 balance leastconn
521@@ -268,7 +268,7 @@ backend backend-site7-local
522 server server_1 127.0.1.10:80 check inter 5s rise 2 fall 5 maxconn 200
523
524 backend backend-cached-site8-local
525- option forwardfor
526+ option forwardfor except 127.0.0.1
527 option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk
528 http-request set-header Host site8.local
529 balance leastconn
530@@ -291,7 +291,7 @@ backend backend-site8-local-2
531 server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt
532
533 backend backend-cached-site9-local
534- option forwardfor
535+ option forwardfor except 127.0.0.1
536 option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk
537 http-request set-header Host site9.local
538 balance leastconn
539diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_srv_template.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_srv_template.txt
540index 8d97a65..5c24c39 100644
541--- a/tests/unit/files/content_cache_rendered_haproxy_test_output_srv_template.txt
542+++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_srv_template.txt
543@@ -90,7 +90,7 @@ listen site1-local
544 default_backend backend-site1-local
545
546 backend backend-cached-site1-local
547- option forwardfor
548+ option forwardfor except 127.0.0.1
549 option httpchk HEAD / HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk
550 http-request set-header Host site1.local
551 balance leastconn
552diff --git a/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt b/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
553index 247c97d..1246e0d 100644
554--- a/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
555+++ b/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt
556@@ -16,7 +16,7 @@ backend backend-site2-local
557 server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
558
559 backend backend-site3-local
560- option forwardfor except 127.0.0.1
561+ option forwardfor except 127.0.0.1 192.168.1.1
562 option forceclose
563 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
564 http-request set-header Host site3.local
565diff --git a/tests/unit/files/haproxy_config_rendered_test_output.txt b/tests/unit/files/haproxy_config_rendered_test_output.txt
566index 290d918..19b0a26 100644
567--- a/tests/unit/files/haproxy_config_rendered_test_output.txt
568+++ b/tests/unit/files/haproxy_config_rendered_test_output.txt
569@@ -122,7 +122,7 @@ backend backend-site2-local
570 server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
571
572 backend backend-site3-local
573- option forwardfor except 127.0.0.1
574+ option forwardfor except 127.0.0.1 192.168.1.1
575 option forceclose
576 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
577 http-request set-header Host site3.local
578diff --git a/tests/unit/files/haproxy_config_rendered_test_output2.txt b/tests/unit/files/haproxy_config_rendered_test_output2.txt
579index 7489f26..8d7de93 100644
580--- a/tests/unit/files/haproxy_config_rendered_test_output2.txt
581+++ b/tests/unit/files/haproxy_config_rendered_test_output2.txt
582@@ -122,7 +122,7 @@ backend backend-site2-local
583 server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt
584
585 backend backend-site3-local
586- option forwardfor except 127.0.0.1
587+ option forwardfor except 127.0.0.1 192.168.1.1
588 option forceclose
589 option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk
590 http-request set-header Host site3.local

Subscribers

People subscribed via source and target branches