2020-06-18 16:56:44 +00:00
|
|
|
varnishtest "haproxy ACL, CLI and mCLI spaces"
|
2020-06-18 16:52:18 +00:00
|
|
|
feature ignore_unknown_macro
|
|
|
|
|
|
|
|
server s1 {
|
|
|
|
rxreq
|
|
|
|
expect req.method == "GET"
|
|
|
|
txresp
|
|
|
|
} -repeat 2 -start
|
|
|
|
|
2020-06-18 16:56:44 +00:00
|
|
|
haproxy h1 -W -S -conf {
|
2020-06-18 16:52:18 +00:00
|
|
|
defaults
|
|
|
|
mode http
|
|
|
|
log global
|
|
|
|
option httplog
|
2021-11-18 16:46:22 +00:00
|
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
2020-06-18 16:52:18 +00:00
|
|
|
|
|
|
|
frontend fe1
|
|
|
|
bind "fd@${fe1}"
|
|
|
|
|
|
|
|
http-request deny if { req.hdr(user-agent) -i -m str -f ${testdir}/agents.acl }
|
|
|
|
|
|
|
|
default_backend be1
|
|
|
|
|
|
|
|
backend be1
|
|
|
|
server s1 ${s1_addr}:${s1_port}
|
|
|
|
|
|
|
|
} -start
|
|
|
|
|
|
|
|
client c1 -connect ${h1_fe1_sock} {
|
|
|
|
txreq -hdr "User-Agent: Mon User Agent"
|
|
|
|
rxresp
|
|
|
|
expect resp.status == 200
|
|
|
|
} -run
|
|
|
|
|
|
|
|
haproxy h1 -cli {
|
|
|
|
send "add acl ${testdir}/agents.acl Mon\\ User\\ Agent\\;"
|
|
|
|
expect ~ .*
|
|
|
|
|
|
|
|
send "show acl ${testdir}/agents.acl"
|
|
|
|
expect ~ ".*Mon User Agent.*"
|
|
|
|
}
|
|
|
|
|
|
|
|
client c1 -connect ${h1_fe1_sock} {
|
|
|
|
txreq -hdr "User-Agent: Mon User Agent;"
|
|
|
|
rxresp
|
|
|
|
expect resp.status == 403
|
|
|
|
} -run
|
2020-06-18 16:56:44 +00:00
|
|
|
|
|
|
|
|
|
|
|
haproxy h1 -cli {
|
|
|
|
send "del acl ${testdir}/agents.acl Mon\\ User\\ Agent\\;"
|
|
|
|
expect ~ .*
|
|
|
|
|
|
|
|
send "show acl ${testdir}/agents.acl"
|
|
|
|
expect ~ .*
|
|
|
|
}
|
|
|
|
|
|
|
|
client c1 -connect ${h1_fe1_sock} {
|
|
|
|
txreq -hdr "User-Agent: Mon User Agent;"
|
|
|
|
rxresp
|
|
|
|
expect resp.status == 200
|
|
|
|
} -run
|
|
|
|
|
|
|
|
|
|
|
|
# Try it with the master CLI
|
|
|
|
haproxy h1 -mcli {
|
|
|
|
send "@1 add acl ${testdir}/agents.acl Mon\\ User\\ Agent\\;;@1 show acl ${testdir}/agents.acl"
|
|
|
|
expect ~ ".*Mon User Agent;.*"
|
|
|
|
}
|
|
|
|
|
|
|
|
client c1 -connect ${h1_fe1_sock} {
|
|
|
|
txreq -hdr "User-Agent: Mon User Agent;"
|
|
|
|
rxresp
|
|
|
|
expect resp.status == 403
|
|
|
|
} -run
|