| varnishtest "H1 authority validation and host normalizarion based on the scheme (rfc3982 6.3.2) or the method (connect)" |
| |
| feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.6-dev0)'" |
| feature ignore_unknown_macro |
| |
| syslog S1 -level info { |
| # C1 |
| recv |
| expect ~ "^.* uri: GET http://toto:poue@hostname/c1 HTTP/1.1; host: {hostname}$" |
| |
| # C2 |
| recv |
| expect ~ "^.* uri: GET http://hostname:8080/c2 HTTP/1.1; host: {hostname:8080}$" |
| |
| # C3 |
| recv |
| expect ~ "^.* uri: GET https://hostname/c3 HTTP/1.1; host: {hostname}$" |
| |
| # C4 |
| recv |
| expect ~ "^.* uri: GET https://hostname:80/c4 HTTP/1.1; host: {hostname:80}$" |
| |
| # C5 |
| recv |
| expect ~ "^.* uri: CONNECT hostname:80 HTTP/1.1; host: {hostname}$" |
| recv |
| expect ~ "^.* uri: CONNECT hostname:80 HTTP/1.1; host: {hostname}$" |
| recv |
| expect ~ "^.* uri: CONNECT hostname:80 HTTP/1.1; host: {hostname:}$" |
| |
| # C6 |
| recv |
| expect ~ "^.* uri: CONNECT hostname:443 HTTP/1.1; host: {hostname}$" |
| recv |
| expect ~ "^.* uri: CONNECT hostname:443 HTTP/1.1; host: {hostname}$" |
| recv |
| expect ~ "^.* uri: CONNECT hostname:443 HTTP/1.1; host: {hostname:}$" |
| |
| # C7 |
| recv |
| expect ~ "^.* uri: CONNECT hostname:8443 HTTP/1.1; host: {hostname:8443}$" |
| |
| # C8 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C9 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C10 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C11 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C12 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C13 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C14 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C15 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C16 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C17 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C18 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C19 |
| recv |
| expect ~ "^.* uri: <BADREQ>; host: $" |
| |
| # C20 |
| recv |
| expect ~ "^.* uri: GET http://hostname/c20 HTTP/1.1; host: {hostname}$" |
| |
| # C21 |
| recv |
| expect ~ "^.* uri: GET https://hostname/c21 HTTP/1.1; host: {hostname}$" |
| |
| # C22 |
| recv |
| expect ~ "^.* uri: GET http://hostname/c22 HTTP/1.1; host: {hostname:80}$" |
| |
| # C23 |
| recv |
| expect ~ "^.* uri: GET https://hostname/c23 HTTP/1.1; host: {hostname:443}$" |
| |
| # C24 |
| recv |
| expect ~ "^.* uri: GET http://hostname/c24 HTTP/1.1; host: {hostname}$" |
| |
| # C25 |
| recv |
| expect ~ "^.* uri: GET https://hostname/c25 HTTP/1.1; host: {hostname}$" |
| |
| # C26 |
| recv |
| expect ~ "^.* uri: GET http://hostname/c26 HTTP/1.1; host: {hostname:}$" |
| |
| # C27 |
| recv |
| expect ~ "^.* uri: GET https://hostname/c27 HTTP/1.1; host: {hostname:}$" |
| |
| # C28 |
| recv |
| expect ~ "^.* uri: GET http://hostname/c28 HTTP/1.1; host: {hostname}$" |
| |
| # C29 |
| recv |
| expect ~ "^.* uri: GET http://hostname/c29 HTTP/1.1; host: {hostname}$" |
| |
| # C30 |
| recv |
| expect ~ "^.* uri: GET https://hostname/c30 HTTP/1.1; host: {hostname}$" |
| |
| # C31 |
| recv |
| expect ~ "^.* uri: GET https://hostname/c31 HTTP/1.1; host: {hostname}$" |
| |
| # C32 |
| recv |
| expect ~ "^.* uri: GET http:// HTTP/1.1; host: {}$" |
| |
| # C33 |
| recv |
| expect ~ "^.* uri: GET https:// HTTP/1.1; host: {}$" |
| |
| # C34 |
| recv |
| expect ~ "^.* uri: GET http:// HTTP/1.1; host: {}$" |
| |
| # C35 |
| recv |
| expect ~ "^.* uri: GET https:// HTTP/1.1; host: {}$" |
| } -start |
| |
| haproxy h1 -conf { |
| defaults |
| mode http |
| timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" |
| timeout client "${HAPROXY_TEST_TIMEOUT-5s}" |
| timeout server "${HAPROXY_TEST_TIMEOUT-5s}" |
| |
| frontend fe |
| bind "fd@${fe}" |
| |
| http-request capture req.hdr(host) len 512 |
| log-format "uri: %r; host: %hr" |
| log ${S1_addr}:${S1_port} len 2048 local0 debug err |
| |
| http-request return status 200 |
| } -start |
| |
| # default port 80 with http scheme => should be normalized |
| # Be sure userinfo are skipped |
| client c1 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://toto:poue@hostname:80/c1" \ |
| -hdr "host: hostname:80" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # port 8080 with http scheme => no normalization |
| client c2 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname:8080/c2" \ |
| -hdr "host: hostname:8080" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # default port 443 with https scheme => should be normalized |
| client c3 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "https://hostname:443/c3" \ |
| -hdr "host: hostname:443" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # port 80 with https scheme => no normalization |
| client c4 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "https://hostname:80/c4" \ |
| -hdr "host: hostname:80" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # CONNECT on port 80 => should be normalized |
| client c5 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname:80" \ |
| -hdr "host: hostname:80" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| client c5 -connect ${h1_fe_sock} { |
| |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname:80" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| client c5 -connect ${h1_fe_sock} { |
| |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname:80" \ |
| -hdr "host: hostname:" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # CONNECT on port 443 => should be normalized |
| client c6 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname:443" \ |
| -hdr "host: hostname:443" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| client c6 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname:443" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| client c6 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname:443" \ |
| -hdr "host: hostname:" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # CONNECT on port non-default port => no normalization |
| client c7 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname:8443" \ |
| -hdr "host: hostname:8443" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # host miss-match => error |
| client c8 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname1/" \ |
| -hdr "host: hostname2" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # port miss-match => error |
| client c9 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname:80/" \ |
| -hdr "host: hostname:81" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # no host port with a non-default port in abs-uri => error |
| client c10 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname:8080/" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # non-default host port with a default in abs-uri => error |
| client c11 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname/" \ |
| -hdr "host: hostname:81" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # miss-match between host headers => error |
| client c12 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname1/" \ |
| -hdr "host: hostname1" \ |
| -hdr "host: hostname2" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # miss-match between host headers but with a normalization => error |
| client c13 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname1/" \ |
| -hdr "host: hostname1:80" \ |
| -hdr "host: hostname1" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # CONNECT authoriy without port => error |
| client c14 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # host miss-match with CONNECT => error |
| client c15 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname1:80" \ |
| -hdr "host: hostname2:80" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # port miss-match with CONNECT => error |
| client c16 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname:80" \ |
| -hdr "host: hostname:443" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # no host port with non-default port in CONNECT authority => error |
| client c17 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname:8080" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # no authority => error |
| client c18 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "/" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| # no authority => error |
| client c19 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "CONNECT" \ |
| -url "hostname:" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 400 |
| } -run |
| |
| |
| # default port 80 with http scheme but no port for host value => should be normalized |
| client c20 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname:80/c20" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| |
| # default port 443 with https scheme but no port for host value => should be normalized |
| client c21 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "https://hostname:443/c21" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| |
| # http scheme, no port for the authority but default port for host value => no normalization |
| client c22 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname/c22" \ |
| -hdr "host: hostname:80" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # https scheme, no port for the authority but default port for host value => no normalization |
| client c23 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "https://hostname/c23" \ |
| -hdr "host: hostname:443" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| |
| # http scheme, empty port for the authority and no port for host value => should be normalized |
| client c24 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname:/c24" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # https scheme, empty port for the authority and no port for host value => should be normalized |
| client c25 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "https://hostname:/c25" \ |
| -hdr "host: hostname" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # http scheme, no port for the authority and empty port for host value => no normalization |
| client c26 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname/c26" \ |
| -hdr "host: hostname:" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # https scheme, no port for the authority and empty port for host value => no normalization |
| client c27 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "https://hostname/c27" \ |
| -hdr "host: hostname:" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # http scheme, default port for the authority and empty port for host value => should be normalized |
| client c28 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname:80/c28" \ |
| -hdr "host: hostname:" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # http scheme, empty port for the authority and default port for host value => should be normalized |
| client c29 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://hostname:/c29" \ |
| -hdr "host: hostname:80" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # https scheme, default port for the authority and empty port for host value => should be normalized |
| client c30 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "https://hostname:443/c30" \ |
| -hdr "host: hostname:" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # https scheme, empty port for the authority and default port for host value => should be normalized |
| client c31 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "https://hostname:/c31" \ |
| -hdr "host: hostname:443" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # Strange cases |
| client c32 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://:" \ |
| -hdr "host: :80" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| |
| client c33 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "https://:" \ |
| -hdr "host: :443" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| # Strange cases |
| client c34 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "http://:" \ |
| -hdr "host: :" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| |
| client c35 -connect ${h1_fe_sock} { |
| txreq \ |
| -req "GET" \ |
| -url "https://:" \ |
| -hdr "host: :" |
| |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| syslog S1 -wait |