From d019a2b0a4f6c3316422c3e68e73d98e9616af8c Mon Sep 17 00:00:00 2001 From: Breno Date: Wed, 11 Jun 2025 15:49:32 -0300 Subject: [PATCH] feat: Prevent user-defined listeners from conflicting with Admin API --- listeners.go | 12 ++++++++++++ modules/caddyhttp/app.go | 4 ++++ 2 files changed, 16 insertions(+) diff --git a/listeners.go b/listeners.go index 9e0057678..8ba2d336c 100644 --- a/listeners.go +++ b/listeners.go @@ -697,3 +697,15 @@ type ListenerWrapper interface { var listenerPool = NewUsagePool() const maxPortSpan = 65535 + +func ConflictWithAdminAddr(addr NetworkAddress) bool { + adminAddr := NetworkAddress{ + StartPort: uint(2019), + EndPort: uint(2019), + } + if addr.StartPort <= adminAddr.EndPort && addr.EndPort >= adminAddr.StartPort { + Log().Error("conflict with admin api", zap.Uint("addr", addr.StartPort), zap.Uint("admin", adminAddr.StartPort)) + return true + } + return false +} diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index b550904e2..aaf17942e 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -417,6 +417,10 @@ func (app *App) Validate() error { // each server must use distinct listener addresses for _, addr := range srv.Listen { listenAddr, err := caddy.ParseNetworkAddress(addr) + // check for conflict with admin API + if caddy.ConflictWithAdminAddr(listenAddr) { + return fmt.Errorf("listener address '%s' already claimed by admin API", addr) + } if err != nil { return fmt.Errorf("invalid listener address '%s': %v", addr, err) }