proxy: Re-add pre-existing trailing slashes in AllowedPath (#2151)

* proxy.AllowedPath: Re-append trailing slashes to excepted path comparisons

* Substitute HasSuffix for manual check; check slash was actually removed

caddyhttp/proxy/upstream.go

@@ -665,7 +665,17 @@ func (u *staticUpstream) Select(r *http.Request) *UpstreamHost {
 
 func (u *staticUpstream) AllowedPath(requestPath string) bool {
 	for _, ignoredSubPath := range u.IgnoredSubPaths {
-		if httpserver.Path(path.Clean(requestPath)).Matches(path.Join(u.From(), ignoredSubPath)) {
+		p := path.Clean(requestPath)
+		e := path.Join(u.From(), ignoredSubPath)
+		// Re-add a trailing slashes if the original
+		// paths had one and the cleaned paths don't
+		if strings.HasSuffix(requestPath, "/") && !strings.HasSuffix(p, "/") {
+			p = p + "/"
+		}
+		if strings.HasSuffix(ignoredSubPath, "/") && !strings.HasSuffix(e, "/") {
+			e = e + "/"
+		}
+		if httpserver.Path(p).Matches(e) {
 			return false
 		}
 	}

caddyhttp/proxy/upstream_test.go

@@ -136,7 +136,7 @@ func TestRegisterPolicy(t *testing.T) {
 func TestAllowedPaths(t *testing.T) {
 	upstream := &staticUpstream{
 		from:            "/proxy",
-		IgnoredSubPaths: []string{"/download", "/static"},
+		IgnoredSubPaths: []string{"/download", "/static", "/trailingslash/"},
 	}
 	tests := []struct {
 		url      string
@@ -153,6 +153,8 @@ func TestAllowedPaths(t *testing.T) {
 		{"/proxy//static", false},
 		{"/proxy//static//download", false},
 		{"/proxy//download", false},
+		{"/proxy/trailingslash", true},
+		{"/proxy/trailingslash/", false},
 	}
 
 	for i, test := range tests {