blob: 585503480e25ce8e3499f4127b102570a9970d08 [file] [log] [blame]
varnishtest "H1 authority validation and host normalizarion based on the scheme (rfc3982 6.3.2) or the method (connect)"
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.6-dev0)'"
feature ignore_unknown_macro
syslog S1 -level info {
# C1
recv
expect ~ "^.* uri: GET http://toto:poue@hostname/c1 HTTP/1.1; host: {hostname}$"
# C2
recv
expect ~ "^.* uri: GET http://hostname:8080/c2 HTTP/1.1; host: {hostname:8080}$"
# C3
recv
expect ~ "^.* uri: GET https://hostname/c3 HTTP/1.1; host: {hostname}$"
# C4
recv
expect ~ "^.* uri: GET https://hostname:80/c4 HTTP/1.1; host: {hostname:80}$"
# C5
recv
expect ~ "^.* uri: CONNECT hostname:80 HTTP/1.1; host: {hostname}$"
recv
expect ~ "^.* uri: CONNECT hostname:80 HTTP/1.1; host: {hostname}$"
recv
expect ~ "^.* uri: CONNECT hostname:80 HTTP/1.1; host: {hostname:}$"
# C6
recv
expect ~ "^.* uri: CONNECT hostname:443 HTTP/1.1; host: {hostname}$"
recv
expect ~ "^.* uri: CONNECT hostname:443 HTTP/1.1; host: {hostname}$"
recv
expect ~ "^.* uri: CONNECT hostname:443 HTTP/1.1; host: {hostname:}$"
# C7
recv
expect ~ "^.* uri: CONNECT hostname:8443 HTTP/1.1; host: {hostname:8443}$"
# C8
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C9
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C10
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C11
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C12
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C13
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C14
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C15
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C16
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C17
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C18
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C19
recv
expect ~ "^.* uri: <BADREQ>; host: $"
# C20
recv
expect ~ "^.* uri: GET http://hostname/c20 HTTP/1.1; host: {hostname}$"
# C21
recv
expect ~ "^.* uri: GET https://hostname/c21 HTTP/1.1; host: {hostname}$"
# C22
recv
expect ~ "^.* uri: GET http://hostname/c22 HTTP/1.1; host: {hostname:80}$"
# C23
recv
expect ~ "^.* uri: GET https://hostname/c23 HTTP/1.1; host: {hostname:443}$"
# C24
recv
expect ~ "^.* uri: GET http://hostname/c24 HTTP/1.1; host: {hostname}$"
# C25
recv
expect ~ "^.* uri: GET https://hostname/c25 HTTP/1.1; host: {hostname}$"
# C26
recv
expect ~ "^.* uri: GET http://hostname/c26 HTTP/1.1; host: {hostname:}$"
# C27
recv
expect ~ "^.* uri: GET https://hostname/c27 HTTP/1.1; host: {hostname:}$"
# C28
recv
expect ~ "^.* uri: GET http://hostname/c28 HTTP/1.1; host: {hostname}$"
# C29
recv
expect ~ "^.* uri: GET http://hostname/c29 HTTP/1.1; host: {hostname}$"
# C30
recv
expect ~ "^.* uri: GET https://hostname/c30 HTTP/1.1; host: {hostname}$"
# C31
recv
expect ~ "^.* uri: GET https://hostname/c31 HTTP/1.1; host: {hostname}$"
# C32
recv
expect ~ "^.* uri: GET http:// HTTP/1.1; host: {}$"
# C33
recv
expect ~ "^.* uri: GET https:// HTTP/1.1; host: {}$"
# C34
recv
expect ~ "^.* uri: GET http:// HTTP/1.1; host: {}$"
# C35
recv
expect ~ "^.* uri: GET https:// HTTP/1.1; host: {}$"
} -start
haproxy h1 -conf {
defaults
mode http
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
frontend fe
bind "fd@${fe}"
http-request capture req.hdr(host) len 512
log-format "uri: %r; host: %hr"
log ${S1_addr}:${S1_port} len 2048 local0 debug err
http-request return status 200
} -start
# default port 80 with http scheme => should be normalized
# Be sure userinfo are skipped
client c1 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://toto:poue@hostname:80/c1" \
-hdr "host: hostname:80"
rxresp
expect resp.status == 200
} -run
# port 8080 with http scheme => no normalization
client c2 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname:8080/c2" \
-hdr "host: hostname:8080"
rxresp
expect resp.status == 200
} -run
# default port 443 with https scheme => should be normalized
client c3 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "https://hostname:443/c3" \
-hdr "host: hostname:443"
rxresp
expect resp.status == 200
} -run
# port 80 with https scheme => no normalization
client c4 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "https://hostname:80/c4" \
-hdr "host: hostname:80"
rxresp
expect resp.status == 200
} -run
# CONNECT on port 80 => should be normalized
client c5 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname:80" \
-hdr "host: hostname:80"
rxresp
expect resp.status == 200
} -run
client c5 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname:80" \
-hdr "host: hostname"
rxresp
expect resp.status == 200
} -run
client c5 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname:80" \
-hdr "host: hostname:"
rxresp
expect resp.status == 200
} -run
# CONNECT on port 443 => should be normalized
client c6 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname:443" \
-hdr "host: hostname:443"
rxresp
expect resp.status == 200
} -run
client c6 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname:443" \
-hdr "host: hostname"
rxresp
expect resp.status == 200
} -run
client c6 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname:443" \
-hdr "host: hostname:"
rxresp
expect resp.status == 200
} -run
# CONNECT on port non-default port => no normalization
client c7 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname:8443" \
-hdr "host: hostname:8443"
rxresp
expect resp.status == 200
} -run
# host miss-match => error
client c8 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname1/" \
-hdr "host: hostname2"
rxresp
expect resp.status == 400
} -run
# port miss-match => error
client c9 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname:80/" \
-hdr "host: hostname:81"
rxresp
expect resp.status == 400
} -run
# no host port with a non-default port in abs-uri => error
client c10 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname:8080/" \
-hdr "host: hostname"
rxresp
expect resp.status == 400
} -run
# non-default host port with a default in abs-uri => error
client c11 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname/" \
-hdr "host: hostname:81"
rxresp
expect resp.status == 400
} -run
# miss-match between host headers => error
client c12 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname1/" \
-hdr "host: hostname1" \
-hdr "host: hostname2"
rxresp
expect resp.status == 400
} -run
# miss-match between host headers but with a normalization => error
client c13 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname1/" \
-hdr "host: hostname1:80" \
-hdr "host: hostname1"
rxresp
expect resp.status == 400
} -run
# CONNECT authoriy without port => error
client c14 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname" \
-hdr "host: hostname"
rxresp
expect resp.status == 400
} -run
# host miss-match with CONNECT => error
client c15 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname1:80" \
-hdr "host: hostname2:80"
rxresp
expect resp.status == 400
} -run
# port miss-match with CONNECT => error
client c16 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname:80" \
-hdr "host: hostname:443"
rxresp
expect resp.status == 400
} -run
# no host port with non-default port in CONNECT authority => error
client c17 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname:8080" \
-hdr "host: hostname"
rxresp
expect resp.status == 400
} -run
# no authority => error
client c18 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "/" \
-hdr "host: hostname"
rxresp
expect resp.status == 400
} -run
# no authority => error
client c19 -connect ${h1_fe_sock} {
txreq \
-req "CONNECT" \
-url "hostname:" \
-hdr "host: hostname"
rxresp
expect resp.status == 400
} -run
# default port 80 with http scheme but no port for host value => should be normalized
client c20 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname:80/c20" \
-hdr "host: hostname"
rxresp
expect resp.status == 200
} -run
# default port 443 with https scheme but no port for host value => should be normalized
client c21 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "https://hostname:443/c21" \
-hdr "host: hostname"
rxresp
expect resp.status == 200
} -run
# http scheme, no port for the authority but default port for host value => no normalization
client c22 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname/c22" \
-hdr "host: hostname:80"
rxresp
expect resp.status == 200
} -run
# https scheme, no port for the authority but default port for host value => no normalization
client c23 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "https://hostname/c23" \
-hdr "host: hostname:443"
rxresp
expect resp.status == 200
} -run
# http scheme, empty port for the authority and no port for host value => should be normalized
client c24 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname:/c24" \
-hdr "host: hostname"
rxresp
expect resp.status == 200
} -run
# https scheme, empty port for the authority and no port for host value => should be normalized
client c25 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "https://hostname:/c25" \
-hdr "host: hostname"
rxresp
expect resp.status == 200
} -run
# http scheme, no port for the authority and empty port for host value => no normalization
client c26 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname/c26" \
-hdr "host: hostname:"
rxresp
expect resp.status == 200
} -run
# https scheme, no port for the authority and empty port for host value => no normalization
client c27 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "https://hostname/c27" \
-hdr "host: hostname:"
rxresp
expect resp.status == 200
} -run
# http scheme, default port for the authority and empty port for host value => should be normalized
client c28 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname:80/c28" \
-hdr "host: hostname:"
rxresp
expect resp.status == 200
} -run
# http scheme, empty port for the authority and default port for host value => should be normalized
client c29 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://hostname:/c29" \
-hdr "host: hostname:80"
rxresp
expect resp.status == 200
} -run
# https scheme, default port for the authority and empty port for host value => should be normalized
client c30 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "https://hostname:443/c30" \
-hdr "host: hostname:"
rxresp
expect resp.status == 200
} -run
# https scheme, empty port for the authority and default port for host value => should be normalized
client c31 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "https://hostname:/c31" \
-hdr "host: hostname:443"
rxresp
expect resp.status == 200
} -run
# Strange cases
client c32 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://:" \
-hdr "host: :80"
rxresp
expect resp.status == 200
} -run
client c33 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "https://:" \
-hdr "host: :443"
rxresp
expect resp.status == 200
} -run
# Strange cases
client c34 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "http://:" \
-hdr "host: :"
rxresp
expect resp.status == 200
} -run
client c35 -connect ${h1_fe_sock} {
txreq \
-req "GET" \
-url "https://:" \
-hdr "host: :"
rxresp
expect resp.status == 200
} -run
syslog S1 -wait