mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-28 08:43:36 +00:00
5cb513abeb
"http-request deny", "http-request tarpit" and "http-response deny" rules now use the same syntax than http return rules and internally rely on the http replies. The behaviour is not the same when no argument is specified (or only the status code). For http replies, a dummy response is produced, with no payload. For old deny/tarpit rules, the proxy's error messages are used. Thus, to be compatible with existing configuration, the "default-errorfiles" parameter is implied. For instance : http-request deny deny_status 404 is now an alias of http-request deny status 404 default-errorfiles
78 lines
2.5 KiB
Plaintext
78 lines
2.5 KiB
Plaintext
varnishtest "Test the custom errors for HTTP deny rules"
|
|
#REQUIRE_VERSION=2.2
|
|
|
|
# This config tests the custom errors for HTTP deny rules.
|
|
|
|
feature ignore_unknown_macro
|
|
|
|
|
|
haproxy h1 -conf {
|
|
http-errors errors-1
|
|
errorfile 400 ${testdir}/errors/400-1.http
|
|
errorfile 403 ${testdir}/errors/403-1.http
|
|
errorfile 404 ${testdir}/errors/404-1.http
|
|
errorfile 500 /dev/null
|
|
|
|
defaults
|
|
mode http
|
|
timeout connect 1s
|
|
timeout client 1s
|
|
timeout server 1s
|
|
|
|
frontend fe1
|
|
bind "fd@${fe1}"
|
|
http-request deny deny_status 400 if { path /400 }
|
|
http-request deny deny_status 403 errorfile ${testdir}/errors/403.http if { path /403 }
|
|
http-request deny deny_status 404 errorfiles errors-1 if { path /404 }
|
|
http-request deny deny_status 500 errorfile /dev/null if { path /500-1 }
|
|
http-request deny deny_status 500 errorfiles errors-1 if { path /500-2 }
|
|
|
|
http-request deny status 500 hdr x-err-info "path=%[path]" content-type "text/plain" string "Internal Error" if { path /int-err }
|
|
http-request deny status 403 hdr x-err-info "path=%[path]" content-type "text/plain" lf-file ${testdir}/errors/lf-403.txt if { path /forbidden }
|
|
|
|
} -start
|
|
|
|
client c1r1 -connect ${h1_fe1_sock} {
|
|
txreq -req GET -url /400
|
|
rxresp
|
|
expect resp.status == 400
|
|
expect resp.http.x-err-type == <undef>
|
|
} -run
|
|
client c1r2 -connect ${h1_fe1_sock} {
|
|
txreq -req GET -url /403
|
|
rxresp
|
|
expect resp.status == 403
|
|
expect resp.http.x-err-type == "default"
|
|
} -run
|
|
client c1r3 -connect ${h1_fe1_sock} {
|
|
txreq -req GET -url /404
|
|
rxresp
|
|
expect resp.status == 404
|
|
expect resp.http.x-err-type == "errors-1"
|
|
} -run
|
|
client c1r4 -connect ${h1_fe1_sock} {
|
|
txreq -req GET -url /500-1
|
|
expect_close
|
|
} -run
|
|
client c1r5 -connect ${h1_fe1_sock} {
|
|
txreq -req GET -url /500-2
|
|
expect_close
|
|
} -run
|
|
client c1r6 -connect ${h1_fe1_sock} {
|
|
txreq -req GET -url /int-err
|
|
rxresp
|
|
expect resp.status == 500
|
|
expect resp.http.x-err-info == "path=/int-err"
|
|
expect resp.http.content-type == "text/plain"
|
|
expect resp.http.content-length == 14
|
|
expect resp.body == "Internal Error"
|
|
} -run
|
|
client c1r7 -connect ${h1_fe1_sock} {
|
|
txreq -req GET -url /forbidden
|
|
rxresp
|
|
expect resp.status == 403
|
|
expect resp.http.x-err-info == "path=/forbidden"
|
|
expect resp.http.content-type == "text/plain"
|
|
expect resp.body == "The path \"/forbidden\" is forbidden\n"
|
|
} -run
|