| varnishtest "haproxy ACL, CLI and mCLI spaces" |
| feature ignore_unknown_macro |
| |
| #REQUIRE_VERSION=2.0 |
| |
| server s1 { |
| rxreq |
| expect req.method == "GET" |
| txresp |
| } -repeat 2 -start |
| |
| haproxy h1 -W -S -conf { |
| defaults |
| mode http |
| log global |
| option httplog |
| timeout connect 1s |
| timeout client 1s |
| timeout server 1s |
| |
| frontend fe1 |
| bind "fd@${fe1}" |
| |
| http-request deny if { req.hdr(user-agent) -i -m str -f ${testdir}/agents.acl } |
| |
| default_backend be1 |
| |
| backend be1 |
| server s1 ${s1_addr}:${s1_port} |
| |
| } -start |
| |
| client c1 -connect ${h1_fe1_sock} { |
| txreq -hdr "User-Agent: Mon User Agent" |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| haproxy h1 -cli { |
| send "add acl ${testdir}/agents.acl Mon\\ User\\ Agent\\;" |
| expect ~ .* |
| |
| send "show acl ${testdir}/agents.acl" |
| expect ~ ".*Mon User Agent.*" |
| } |
| |
| client c1 -connect ${h1_fe1_sock} { |
| txreq -hdr "User-Agent: Mon User Agent;" |
| rxresp |
| expect resp.status == 403 |
| } -run |
| |
| |
| haproxy h1 -cli { |
| send "del acl ${testdir}/agents.acl Mon\\ User\\ Agent\\;" |
| expect ~ .* |
| |
| send "show acl ${testdir}/agents.acl" |
| expect ~ .* |
| } |
| |
| client c1 -connect ${h1_fe1_sock} { |
| txreq -hdr "User-Agent: Mon User Agent;" |
| rxresp |
| expect resp.status == 200 |
| } -run |
| |
| |
| # Try it with the master CLI |
| haproxy h1 -mcli { |
| send "@1 add acl ${testdir}/agents.acl Mon\\ User\\ Agent\\;;@1 show acl ${testdir}/agents.acl" |
| expect ~ ".*Mon User Agent;.*" |
| } |
| |
| client c1 -connect ${h1_fe1_sock} { |
| txreq -hdr "User-Agent: Mon User Agent;" |
| rxresp |
| expect resp.status == 403 |
| } -run |