feat: Prevent user-defined listeners from conflicting with Admin API

2025-06-11 15:49:32 -03:00 · 2025-06-11 15:49:32 -03:00 · d019a2b0a4
parent 0f209f62eb
commit d019a2b0a4
2 changed files with 16 additions and 0 deletions
--- a/listeners.go
+++ b/listeners.go
@ -697,3 +697,15 @@ type ListenerWrapper interface {
 var listenerPool = NewUsagePool()

 const maxPortSpan = 65535
+
+func ConflictWithAdminAddr(addr NetworkAddress) bool {
+	adminAddr := NetworkAddress{
+		StartPort: uint(2019),
+		EndPort:   uint(2019),
+	}
+	if addr.StartPort <= adminAddr.EndPort && addr.EndPort >= adminAddr.StartPort {
+		Log().Error("conflict with admin api", zap.Uint("addr", addr.StartPort), zap.Uint("admin", adminAddr.StartPort))
+		return true
+	}
+	return false
+}
--- a/modules/caddyhttp/app.go
+++ b/modules/caddyhttp/app.go
@ -417,6 +417,10 @@ func (app *App) Validate() error {
 		// each server must use distinct listener addresses
 		for _, addr := range srv.Listen {
 			listenAddr, err := caddy.ParseNetworkAddress(addr)
+			// check for conflict with admin API
+			if caddy.ConflictWithAdminAddr(listenAddr) {
+				return fmt.Errorf("listener address '%s' already claimed by admin API", addr)
+			}
 			if err != nil {
 				return fmt.Errorf("invalid listener address '%s': %v", addr, err)
 			}