Merge pull request #333 from fosrl/dev

Dont block tcp for http unless there are targets
2026-05-05 23:50:10 -05:00 · 2026-04-28 14:51:01 -07:00 · 2026-04-28 14:29:55 -07:00 · 2026-04-28 10:13:49 -07:00 · 2026-04-28 10:10:28 -07:00
2 changed files with 10 additions and 14 deletions
--- a/healthcheck/healthcheck.go
+++ b/healthcheck/healthcheck.go
@@ -47,7 +47,7 @@ type Config struct {
 	Interval           int               `json:"hcInterval"`          // in seconds
 	UnhealthyInterval  int               `json:"hcUnhealthyInterval"` // in seconds
 	Timeout            int               `json:"hcTimeout"`           // in seconds
-	FollowRedirects    bool              `json:"hcFollowRedirects"`
+	FollowRedirects    *bool             `json:"hcFollowRedirects"`
 	Headers            map[string]string `json:"hcHeaders"`
 	Method             string            `json:"hcMethod"`
 	Status             int               `json:"hcStatus"` // HTTP status code
@@ -202,7 +202,9 @@ func (m *Monitor) addTargetUnsafe(config Config) error {
 		cancel: cancel,
 		client: &http.Client{
 			CheckRedirect: func() func(*http.Request, []*http.Request) error {
-				if !config.FollowRedirects {
+				// Default to following redirects if not explicitly configured
+				followRedirects := config.FollowRedirects == nil || *config.FollowRedirects
+				if !followRedirects {
 					return func(req *http.Request, via []*http.Request) error {
 						return http.ErrUseLastResponse
 					}
--- a/netstack2/handlers.go
+++ b/netstack2/handlers.go
@@ -152,20 +152,14 @@ func (h *TCPHandler) handleTCPConn(netstackConn *gonet.TCPConn, id stack.Transpo
 		srcAddr, _ := netip.ParseAddr(srcIP)
 		dstAddr, _ := netip.ParseAddr(dstIP)
 		rule := h.proxyHandler.subnetLookup.Match(srcAddr, dstAddr, dstPort, tcp.ProtocolNumber)
-		if rule != nil {
-			if rule.Protocol != "" {
-				logger.Info("TCP Forwarder: Routing %s:%d -> %s:%d to HTTP handler (%s)",
-					srcIP, srcPort, dstIP, dstPort, rule.Protocol)
-				h.proxyHandler.httpHandler.HandleConn(netstackConn, rule)
-			} else {
-				// A matching HTTP rule exists but has no protocol configured —
-				// do not fall through to the raw TCP handler; drop the connection.
-				logger.Info("TCP Forwarder: Dropping %s:%d -> %s:%d (HTTP rule matched but no protocol set)",
-					srcIP, srcPort, dstIP, dstPort)
-				netstackConn.Close()
-			}
+		if rule != nil && rule.Protocol != "" && len(rule.HTTPTargets) > 0 {
+			logger.Info("TCP Forwarder: Routing %s:%d -> %s:%d to HTTP handler (%s)",
+				srcIP, srcPort, dstIP, dstPort, rule.Protocol)
+			h.proxyHandler.httpHandler.HandleConn(netstackConn, rule)
 			return
 		}
+		// Otherwise fall through to raw TCP forwarding (e.g. CIDR resources
+		// that happen to use port 80/443 without HTTP configuration).
 	}

 	defer netstackConn.Close()
Author	SHA1	Message	Date
Owen Schwartz	9e92c42876	Merge pull request #333 from fosrl/dev Dont block tcp for http unless there are targets	2026-04-28 14:51:01 -07:00
Owen	66c72bbe2e	Dont block tcp for http unless there are targets	2026-04-28 14:29:55 -07:00
Owen Schwartz	ffd26f9a6d	Merge pull request #331 from fosrl/dev Follow redirects by default for backward compat	2026-04-28 10:13:49 -07:00
Owen	7610aa40bf	Follow redirects by default for backward compat Fixes #330	2026-04-28 10:10:28 -07:00