TUN-6639: Validate cyclic ingress configuration
It is currently possible to set cloudflared to proxy to the hostname that traffic is ingressing from as an origin service. This change checks for this configuration error and prompts a change.
This commit is contained in:
Sudarsan Reddy
parent
046a30e3c7
commit
d4d9a43dd7
|
|
@ -232,6 +232,10 @@ func validateIngress(ingress []config.UnvalidatedIngressRule, defaults OriginReq
|
||||||
} else {
|
} else {
|
||||||
service = newTCPOverWSService(u)
|
service = newTCPOverWSService(u)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if u.Hostname() == r.Hostname {
|
||||||
|
return Ingress{}, fmt.Errorf("Cyclic Ingress configuration: Hostname:%s points to service:%s.", r.Hostname, r.Service)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := validateHostname(r, i, len(ingress)); err != nil {
|
if err := validateHostname(r, i, len(ingress)); err != nil {
|
||||||
|
|
|
||||||
|
|
@ -404,6 +404,16 @@ ingress:
|
||||||
service: https://localhost:8000
|
service: https://localhost:8000
|
||||||
- hostname: "*"
|
- hostname: "*"
|
||||||
service: https://localhost:8001
|
service: https://localhost:8001
|
||||||
|
`},
|
||||||
|
wantErr: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Cyclic hostname definition",
|
||||||
|
args: args{rawYAML: `
|
||||||
|
ingress:
|
||||||
|
- hostname: "test.example.com"
|
||||||
|
service: https://test.example.com
|
||||||
|
- service: http_status_404
|
||||||
`},
|
`},
|
||||||
wantErr: true,
|
wantErr: true,
|
||||||
},
|
},
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue