Caddy version: v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=

I am trying to pass pem-encoded client certificate to proxied service via a X-SSL-Cert header, like so:

sub.example.com {
    reverse_proxy 127.0.0.1:8000 {
        header_up X-SSL-Cert {http.request.tls.client.certificate_pem}
    }

    tls {
        client_auth {
            mode require
        }
    }
}

Next line returns 200 as status https://github.com/Kong/kong/blob/c817fada7a514d84f6e0aab7461605c71bf3a841/kong/plugins/cors/handler.lua#L13

Internet says it should return 204:

• https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
• https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1#preflight-requests

Internet changed its mind since 2018 https://

Background

• BFE can be configured with Passive Health Check (i.e. Outlier Detection) and use responses from real requests to determine whether an backend instance is healthy.

Description
Add Active Health Check support:

• Actively and periodically send health checking requests to backend.
• Use responses from health checking requests to determine whether an backend instance is he

random stream test in [1, 10000] -> stream/http subsystem, generate random value:

https://github.com/apache/apisix/blob/master/apisix/init.lua#L86
https://github.com/apache/apisix/blob/master/apisix/init.lua#L777

Is your feature request related to a problem? Please describe.

As observed during #261, users can accidentally set timeouts inconsistently. A concrete example is that one can set a User facing timeout lower than any backend timeout, such that requests may fail early.

Describe the solution you'd like

We should provide some sanity checking to prevent unintended timeout behavior.

currently "option forwardfor" cant't be unset, so there is no way to enable it in the default section and disable it in a particular frontend

It would be nice to have a validation every time ergo runs in order to avoid badly formatted files and undefined errors.