haproxy/reg-tests/http-rules/forwarded-header-7239.vtc
Tim Duesterhus c21b98a6d3 REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3)
Introduced in:

424981cde REGTEST: add ifnone-forwardfor test
b015b3eb1 REGTEST: add RFC7239 forwarded header tests

see also:

fbbbc33df REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+
2023-08-15 11:29:13 +02:00

172 lines
4.7 KiB
Plaintext

varnishtest "Test RFC 7239 forwarded header support (forwarded option and related converters)"
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.8-dev0)'"
# This config tests the HTTP forwarded option and RFC7239 related converters.
feature ignore_unknown_macro
#test: converters, parsing and header injection logic
haproxy h1 -conf {
global
# WT: limit false-positives causing "HTTP header incomplete" due to
# idle server connections being randomly used and randomly expiring
# under us.
tune.idle-pool.shared off
defaults
mode http
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
frontend fe1
bind "fd@${fe1}"
http-request set-src hdr(x-src)
http-request set-dst hdr(x-dst)
http-request set-header host %[str(vtest)]
use_backend be1 if { path /req1 }
use_backend be2 if { path /req2 }
use_backend be3 if { path /req3 }
use_backend be4 if { path /req4 }
frontend fe2
bind "fd@${fe2}"
http-request return status 200 hdr forwarded "%[req.hdr(forwarded)]"
backend be1
option forwarded
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend be2
option forwarded for-expr src for_port-expr str(id) by by_port-expr int(10)
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend be3
acl valid req.hdr(forwarded),rfc7239_is_valid
http-request return status 200 if valid
http-request return status 400
backend be4
http-request set-var(req.fnode) req.hdr(forwarded),rfc7239_field(for)
http-request return status 200 hdr nodename "%[var(req.fnode),rfc7239_n2nn]" hdr nodeport "%[var(req.fnode),rfc7239_n2np]"
} -start
#test: "default" and "no option forwarded"
haproxy h2 -conf {
global
# WT: limit false-positives causing "HTTP header incomplete" due to
# idle server connections being randomly used and randomly expiring
# under us.
tune.idle-pool.shared off
defaults
mode http
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
option forwarded
frontend fe1
bind "fd@${fe1h2}"
use_backend default if { path /default }
use_backend override if { path /override }
use_backend disabled if { path /disabled }
backend default
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend override
option forwarded host-expr str(override)
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend disabled
no option forwarded
server s1 ${h1_fe2_addr}:${h1_fe2_port}
} -start
client c1 -connect ${h1_fe1_sock} {
txreq -req GET -url /req1 \
-hdr "x-src: 127.0.0.1"
rxresp
expect resp.status == 200
expect resp.http.forwarded == "proto=http;for=127.0.0.1"
txreq -req GET -url /req2 \
-hdr "x-src: 127.0.0.2" \
-hdr "x-dst: 127.0.0.3"
rxresp
expect resp.status == 200
expect resp.http.forwarded == "by=\"127.0.0.3:10\";for=\"127.0.0.2:_id\""
txreq -req GET -url /req3 \
-hdr "forwarded: for=\"unknown:132\";host=\"[::1]:65535\";by=\"_obfs:_port\";proto=https"
rxresp
expect resp.status == 200
txreq -req GET -url /req3 \
-hdr "forwarded: for=\"127.0.0.1\";host=v.test"
rxresp
expect resp.status == 200
txreq -req GET -url /req3 \
-hdr "forwarded: fore=\"unknown:132\""
rxresp
expect resp.status == 400
txreq -req GET -url /req3 \
-hdr "forwarded: proto=http;proto=http"
rxresp
expect resp.status == 400
txreq -req GET -url /req3 \
-hdr "forwarded: \""
rxresp
expect resp.status == 400
txreq -req GET -url /req3 \
-hdr "forwarded: by=[::1]"
rxresp
expect resp.status == 400
txreq -req GET -url /req3 \
-hdr "forwarded: by=\"[::1]\""
rxresp
expect resp.status == 200
txreq -req GET -url /req3 \
-hdr "forwarded: by=\"[::1]:\""
rxresp
expect resp.status == 400
txreq -req GET -url /req3 \
-hdr "forwarded: by=\"[::1]:3\""
rxresp
expect resp.status == 200
txreq -req GET -url /req4 \
-hdr "forwarded: proto=http;for=\"[::1]:_id\""
rxresp
expect resp.status == 200
expect resp.http.nodename == "::1"
expect resp.http.nodeport == "_id"
} -run
client c2 -connect ${h2_fe1h2_sock} {
txreq -req GET -url /default
rxresp
expect resp.status == 200
expect resp.http.forwarded != <undef>
txreq -req GET -url /override
rxresp
expect resp.status == 200
expect resp.http.forwarded == "host=\"override\""
txreq -req GET -url /disabled
rxresp
expect resp.status == 200
expect resp.http.forwarded == <undef>
} -run