From e25509cb90b66ed63e5ce6954e09dd7a0c446b21 Mon Sep 17 00:00:00 2001
From: CyberMind-FR
Date: Fri, 6 Feb 2026 22:30:38 +0100
Subject: [PATCH] fix(haproxy): Validate backend names, reject IP:port misconfiguration
Add validation in _add_vhost_acl() to detect when vhost backend is set to IP:port format instead of a proper backend name. This prevents haproxy config generation errors like: [ALERT] unable to find required use_backend: '127.0.0.1:8081' When detected, logs a warning and skips the vhost instead of generating invalid config that crashes HAProxy.
Co-Authored-By: Claude Opus 4.5
---
 package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl b/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
index af165441..7ea291ce 100644
--- a/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
+++ b/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
@@ -553,6 +553,10 @@ _add_vhost_acl() {
 config_get domain "$section" domain
 config_get backend "$section" backend
+ # Validate backend is not IP:port (common misconfiguration)
+ case "$backend" in
+ *:*) log_warn "Vhost $section has IP:port backend , should be backend name"; return ;;
+ esac
 config_get ssl "$section" ssl "0"
 [ -n "$domain" ] || return
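Review bot: The new `case "$backend"` guard is a denylist on a single character, so any other value that is not a valid backend name (embedded whitespace, a stray quote, or a name that is simply not defined) still passes. Per the commit message that value ends up in a generated `use_backend` line. An allowlist would cover both the IP:port typo and anything else that could break or alter the generated config: `*[!A-Za-z0-9_.-]*) log_warn "Vhost $section has invalid backend name '$backend'"; return ;;`. The early `return` also drops the vhost's ACL entirely, so it is worth confirming which backend then serves that domain (presumably the default one), so that a misconfigured entry does not silently expose a different service. The rest of `_add_vhost_acl()` lies outside the hunk, so any later check that the backend exists cannot be seen from here.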