From d4d9a43dd7b673627532afcd08fdfe1aae916a60 Mon Sep 17 00:00:00 2001
From: Sudarsan Reddy
Date: Mon, 8 Aug 2022 15:17:01 +0100
Subject: [PATCH] TUN-6639: Validate cyclic ingress configuration
It is currently possible to set cloudflared to proxy to the hostname that traffic is ingressing from as an origin service. This change checks for this configuration error and prompts a change.
---
 ingress/ingress.go | 4 ++++
 ingress/ingress_test.go | 10 ++++++++++
 2 files changed, 14 insertions(+)
diff --git a/ingress/ingress.go b/ingress/ingress.go
index 05a90a8b..cc0fca55 100644
--- a/ingress/ingress.go
+++ b/ingress/ingress.go
@@ -232,6 +232,10 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq
 } else {
 service = newTCPOverWSService(u)
 }
+
+ if u.Hostname() == r.Hostname {
+ return Ingress{}, fmt.Errorf("Cyclic Ingress configuration: Hostname:%s points to service:%s.", r.Hostname, r.Service)
+ }
 }
 if err := validateHostname(r, i, len(ingress)); err != nil {
diff --git a/ingress/ingress_test.go b/ingress/ingress_test.go
index 1ff5e11c..5bf3f912 100644
--- a/ingress/ingress_test.go
+++ b/ingress/ingress_test.go
@@ -404,6 +404,16 @@ ingress:
 service: https://localhost:8000
 - hostname: "*"
 service: https://localhost:8001
+`},
+ wantErr: true,
+ },
+ {
+ name: "Cyclic hostname definition",
+ args: args{rawYAML: `
+ingress:
+ - hostname: "test.example.com"
+ service: https://test.example.com
+ - service: http_status_404
 `},
 wantErr: true,
 },
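Review bot: The new guard `u.Hostname() == r.Hostname` in validateIngress is a byte-for-byte comparison, so the same proxy loop still passes validation when the two names differ only in case or a trailing dot, and it cannot match a wildcard rule such as `*.example.com` whose service is a host under that wildcard. DNS names are case-insensitive, so consider `if strings.EqualFold(strings.TrimSuffix(u.Hostname(), "."), strings.TrimSuffix(r.Hostname, ".")) {`, assuming `strings` is imported in ingress.go, which the hunk does not show. The error string also goes against Go convention (capitalised, trailing period); `fmt.Errorf("cyclic ingress configuration: hostname %q points to service %q", r.Hostname, r.Service)` wraps cleanly and quotes the configured values. validateIngress starts and ends outside the hunk, so whether `r.Hostname` is normalised earlier cannot be confirmed from here.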
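Review bot: The added "Cyclic hostname definition" case asserts only `wantErr: true`, so it passes on any validation failure and does not pin the cyclic check itself. A companion case that must succeed, for example hostname `test.example.com` with service `https://origin.example.com`, would show the check does not reject neighbouring names. Cases with a mixed-case or trailing-dot hostname would document which equivalent spellings the check is expected to catch. The table's struct definition and the test loop are outside the hunk, so whether the error text can be asserted there is not visible.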