varnishtest "Test HTTP response manipulation under the http-after-response rulesets" #REQUIRE_VERSION=2.2 # This config tests various http-after-response rules for HTTP responses from a # server and the stats applet, but also for internal responses # (deny/redirect/auth/return). feature ignore_unknown_macro server s1 { rxreq txresp \ -status 234 \ -hdr "hdr1: val1" \ -hdr "hdr2: val2a" \ -hdr "hdr2: val2b" \ -hdr "hdr3: val3a, val3b" \ -hdr "hdr4:" \ -body "This is a body" } -repeat 2 -start haproxy h1 -conf { defaults mode http timeout connect 1s timeout client 1s timeout server 1s frontend fe bind "fd@${feh1}" http-request deny if { path /deny } http-request redirect location / if { path /redir } http-request auth if { path /auth } http-after-response allow if { status eq 403 } http-after-response allow if { status eq 302 } http-after-response allow if { status eq 401 } http-after-response set-header be-sl1 "%[res.fhdr(sl1)]" http-after-response set-header be-sl2 "%[res.fhdr(sl2)]" http-after-response set-header be-hdr "%[res.fhdr(hdr)]" http-after-response set-header be-sl1-crc "%[res.fhdr(sl1-crc)]" http-after-response set-header be-sl2-crc "%[res.fhdr(sl2-crc)]" http-after-response set-header be-hdr-crc "%[res.fhdr(hdr-crc)]" http-after-response set-var(res.status) status http-after-response set-header sl1 "sl1: " http-after-response set-status 200 http-after-response set-header sl2 "sl2: " http-after-response set-header sl1 "%[res.fhdr(sl1)] status=<%[var(res.status)]>;" http-after-response set-header sl2 "%[res.fhdr(sl2)] status=<%[status]>;" http-after-response set-header hdr "%[res.fhdr(hdr)] hdr1=<%[res.hdr(hdr1)]>; fhdr1=<%[res.fhdr(hdr1)]>;" http-after-response set-header hdr "%[res.fhdr(hdr)] hdr2=<%[res.hdr(hdr2)]>; fhdr2=<%[res.fhdr(hdr2)]>;" http-after-response set-header hdr "%[res.fhdr(hdr)] hdr3=<%[res.hdr(hdr3)]>; fhdr3=<%[res.fhdr(hdr3)]>;" http-after-response set-header hdr "%[res.fhdr(hdr)] hdr4=<%[res.hdr(hdr4)]>; fhdr4=<%[res.fhdr(hdr4)]>;" http-after-response set-header fe-sl1-crc "%[res.fhdr(sl1),crc32]" http-after-response set-header fe-sl2-crc "%[res.fhdr(sl2),crc32]" http-after-response set-header fe-hdr-crc "%[res.fhdr(hdr),crc32]" default_backend be backend be stats enable stats uri /stats http-request return status 234 content-type "text/plain" string "This is a body" if { path /return } http-response deny if { capture.req.uri /deny-srv } http-after-response allow if { status eq 502 } http-after-response set-status 234 if { capture.req.uri /stats } http-after-response add-header hdr1 val1 unless { capture.req.uri / } http-after-response add-header hdr2 val2a unless { capture.req.uri / } http-after-response add-header hdr2 val2b unless { capture.req.uri / } http-after-response add-header hdr3 "val3a, val3b" unless { capture.req.uri / } http-after-response add-header hdr4 "%[str()]" unless { capture.req.uri / } http-after-response del-header content-type http-after-response set-var(res.status) status http-after-response set-header sl1 "sl1: " http-after-response set-status 200 http-after-response set-header sl2 "sl2: " http-after-response set-header sl1 "%[res.fhdr(sl1)] status=<%[var(res.status)]>;" http-after-response set-header sl2 "%[res.fhdr(sl2)] status=<%[status]>;" http-after-response set-header hdr "%[res.fhdr(hdr)] hdr1=<%[res.hdr(hdr1)]>; fhdr1=<%[res.fhdr(hdr1)]>;" http-after-response set-header hdr "%[res.fhdr(hdr)] hdr2=<%[res.hdr(hdr2)]>; fhdr2=<%[res.fhdr(hdr2)]>;" http-after-response set-header hdr "%[res.fhdr(hdr)] hdr3=<%[res.hdr(hdr3)]>; fhdr3=<%[res.fhdr(hdr3)]>;" http-after-response set-header hdr "%[res.fhdr(hdr)] hdr4=<%[res.hdr(hdr4)]>; fhdr4=<%[res.fhdr(hdr4)]>;" http-after-response set-header sl1-crc "%[res.fhdr(sl1),crc32]" http-after-response set-header sl2-crc "%[res.fhdr(sl2),crc32]" http-after-response set-header hdr-crc "%[res.fhdr(hdr),crc32]" server s1 ${s1_addr}:${s1_port} } -start client c1 -connect ${h1_feh1_sock} { txreq -req GET -url / rxresp expect resp.status == 200 expect resp.http.be-sl1-crc == 487202719 expect resp.http.be-sl2-crc == 561949791 expect resp.http.be-hdr-crc == 1719311923 expect resp.http.fe-sl1-crc == 146151597 expect resp.http.fe-sl2-crc == 561949791 expect resp.http.fe-hdr-crc == 3634102538 expect resp.http.content-type == expect resp.bodylen == 14 expect resp.body == "This is a body" txreq -req GET -url /return rxresp expect resp.status == 200 expect resp.http.be-sl1-crc == 487202719 expect resp.http.be-sl2-crc == 561949791 expect resp.http.be-hdr-crc == 1719311923 expect resp.http.fe-sl1-crc == 146151597 expect resp.http.fe-sl2-crc == 561949791 expect resp.http.fe-hdr-crc == 3634102538 expect resp.http.content-type == expect resp.bodylen == 14 expect resp.body == "This is a body" txreq -req GET -url /stats rxresp expect resp.status == 200 expect resp.http.be-sl1-crc == 487202719 expect resp.http.be-sl2-crc == 561949791 expect resp.http.be-hdr-crc == 1719311923 expect resp.http.fe-sl1-crc == 146151597 expect resp.http.fe-sl2-crc == 561949791 expect resp.http.fe-hdr-crc == 3634102538 expect resp.http.content-type == } -run client c2 -connect ${h1_feh1_sock} { txreq -req GET -url /deny rxresp expect resp.status == 403 expect resp.http.be-sl1 == expect resp.http.be-sl2 == expect resp.http.be-hdr == expect resp.http.sl1 == expect resp.http.sl2 == expect resp.http.hdr == } -run client c3 -connect ${h1_feh1_sock} { txreq -req GET -url /redir rxresp expect resp.status == 302 expect resp.http.be-sl1 == expect resp.http.be-sl2 == expect resp.http.be-hdr == expect resp.http.sl1 == expect resp.http.sl2 == expect resp.http.hdr == } -run client c4 -connect ${h1_feh1_sock} { txreq -req GET -url /auth rxresp expect resp.status == 401 expect resp.http.be-sl1 == expect resp.http.be-sl2 == expect resp.http.be-hdr == expect resp.http.sl1 == expect resp.http.sl2 == expect resp.http.hdr == } -run client c5 -connect ${h1_feh1_sock} { txreq -req GET -url /deny-srv rxresp expect resp.status == 502 expect resp.http.be-sl1 == expect resp.http.be-sl2 == expect resp.http.be-hdr == expect resp.http.sl1 == expect resp.http.sl2 == expect resp.http.hdr == } -run