Christopher Faulet | 3610486 | 2020-02-06 14:27:09 +0100 | [diff] [blame] | 1 | varnishtest "Test HTTP response manipulation under the http-after-response rulesets" |
| 2 | #REQUIRE_VERSION=2.2 |
| 3 | |
| 4 | # This config tests various http-after-response rules for HTTP responses from a |
| 5 | # server and the stats applet, but also for internal responses |
| 6 | # (deny/redirect/auth/return). |
| 7 | |
| 8 | feature ignore_unknown_macro |
| 9 | |
| 10 | server s1 { |
| 11 | rxreq |
| 12 | txresp \ |
| 13 | -status 234 \ |
| 14 | -hdr "hdr1: val1" \ |
| 15 | -hdr "hdr2: val2a" \ |
| 16 | -hdr "hdr2: val2b" \ |
| 17 | -hdr "hdr3: val3a, val3b" \ |
| 18 | -hdr "hdr4:" \ |
| 19 | -body "This is a body" |
| 20 | } -repeat 2 -start |
| 21 | |
| 22 | haproxy h1 -conf { |
| 23 | defaults |
| 24 | mode http |
| 25 | timeout connect 1s |
| 26 | timeout client 1s |
| 27 | timeout server 1s |
| 28 | |
| 29 | frontend fe |
| 30 | bind "fd@${feh1}" |
| 31 | |
| 32 | http-request deny if { path /deny } |
| 33 | http-request redirect location / if { path /redir } |
| 34 | http-request auth if { path /auth } |
| 35 | |
| 36 | http-after-response allow if { status eq 403 } |
| 37 | http-after-response allow if { status eq 302 } |
| 38 | http-after-response allow if { status eq 401 } |
| 39 | |
| 40 | http-after-response set-header be-sl1 "%[res.fhdr(sl1)]" |
| 41 | http-after-response set-header be-sl2 "%[res.fhdr(sl2)]" |
| 42 | http-after-response set-header be-hdr "%[res.fhdr(hdr)]" |
| 43 | |
| 44 | http-after-response set-header be-sl1-crc "%[res.fhdr(sl1-crc)]" |
| 45 | http-after-response set-header be-sl2-crc "%[res.fhdr(sl2-crc)]" |
| 46 | http-after-response set-header be-hdr-crc "%[res.fhdr(hdr-crc)]" |
| 47 | |
| 48 | http-after-response set-var(res.status) status |
| 49 | http-after-response set-header sl1 "sl1: " |
| 50 | |
| 51 | http-after-response set-status 200 |
| 52 | |
| 53 | http-after-response set-header sl2 "sl2: " |
| 54 | |
| 55 | http-after-response set-header sl1 "%[res.fhdr(sl1)] status=<%[var(res.status)]>;" |
| 56 | http-after-response set-header sl2 "%[res.fhdr(sl2)] status=<%[status]>;" |
| 57 | http-after-response set-header hdr "%[res.fhdr(hdr)] hdr1=<%[res.hdr(hdr1)]>; fhdr1=<%[res.fhdr(hdr1)]>;" |
| 58 | http-after-response set-header hdr "%[res.fhdr(hdr)] hdr2=<%[res.hdr(hdr2)]>; fhdr2=<%[res.fhdr(hdr2)]>;" |
| 59 | http-after-response set-header hdr "%[res.fhdr(hdr)] hdr3=<%[res.hdr(hdr3)]>; fhdr3=<%[res.fhdr(hdr3)]>;" |
| 60 | http-after-response set-header hdr "%[res.fhdr(hdr)] hdr4=<%[res.hdr(hdr4)]>; fhdr4=<%[res.fhdr(hdr4)]>;" |
| 61 | |
| 62 | http-after-response set-header fe-sl1-crc "%[res.fhdr(sl1),crc32]" |
| 63 | http-after-response set-header fe-sl2-crc "%[res.fhdr(sl2),crc32]" |
| 64 | http-after-response set-header fe-hdr-crc "%[res.fhdr(hdr),crc32]" |
| 65 | |
| 66 | default_backend be |
| 67 | |
| 68 | backend be |
| 69 | stats enable |
| 70 | stats uri /stats |
| 71 | |
| 72 | http-request return status 234 content-type "text/plain" string "This is a body" if { path /return } |
| 73 | |
| 74 | http-response deny if { capture.req.uri /deny-srv } |
| 75 | |
| 76 | http-after-response allow if { status eq 502 } |
| 77 | |
| 78 | http-after-response set-status 234 if { capture.req.uri /stats } |
| 79 | http-after-response add-header hdr1 val1 unless { capture.req.uri / } |
| 80 | http-after-response add-header hdr2 val2a unless { capture.req.uri / } |
| 81 | http-after-response add-header hdr2 val2b unless { capture.req.uri / } |
| 82 | http-after-response add-header hdr3 "val3a, val3b" unless { capture.req.uri / } |
| 83 | http-after-response add-header hdr4 "%[str()]" unless { capture.req.uri / } |
| 84 | http-after-response del-header content-type |
| 85 | |
| 86 | http-after-response set-var(res.status) status |
| 87 | http-after-response set-header sl1 "sl1: " |
| 88 | |
| 89 | http-after-response set-status 200 |
| 90 | |
| 91 | http-after-response set-header sl2 "sl2: " |
| 92 | |
| 93 | http-after-response set-header sl1 "%[res.fhdr(sl1)] status=<%[var(res.status)]>;" |
| 94 | http-after-response set-header sl2 "%[res.fhdr(sl2)] status=<%[status]>;" |
| 95 | http-after-response set-header hdr "%[res.fhdr(hdr)] hdr1=<%[res.hdr(hdr1)]>; fhdr1=<%[res.fhdr(hdr1)]>;" |
| 96 | http-after-response set-header hdr "%[res.fhdr(hdr)] hdr2=<%[res.hdr(hdr2)]>; fhdr2=<%[res.fhdr(hdr2)]>;" |
| 97 | http-after-response set-header hdr "%[res.fhdr(hdr)] hdr3=<%[res.hdr(hdr3)]>; fhdr3=<%[res.fhdr(hdr3)]>;" |
| 98 | http-after-response set-header hdr "%[res.fhdr(hdr)] hdr4=<%[res.hdr(hdr4)]>; fhdr4=<%[res.fhdr(hdr4)]>;" |
| 99 | |
| 100 | http-after-response set-header sl1-crc "%[res.fhdr(sl1),crc32]" |
| 101 | http-after-response set-header sl2-crc "%[res.fhdr(sl2),crc32]" |
| 102 | http-after-response set-header hdr-crc "%[res.fhdr(hdr),crc32]" |
| 103 | |
| 104 | server s1 ${s1_addr}:${s1_port} |
| 105 | } -start |
| 106 | |
| 107 | client c1 -connect ${h1_feh1_sock} { |
| 108 | txreq -req GET -url / |
| 109 | rxresp |
| 110 | expect resp.status == 200 |
| 111 | expect resp.http.be-sl1-crc == 487202719 |
| 112 | expect resp.http.be-sl2-crc == 561949791 |
| 113 | expect resp.http.be-hdr-crc == 1719311923 |
| 114 | expect resp.http.fe-sl1-crc == 146151597 |
| 115 | expect resp.http.fe-sl2-crc == 561949791 |
| 116 | expect resp.http.fe-hdr-crc == 3634102538 |
| 117 | expect resp.http.content-type == <undef> |
| 118 | expect resp.bodylen == 14 |
| 119 | expect resp.body == "This is a body" |
| 120 | |
| 121 | txreq -req GET -url /return |
| 122 | rxresp |
| 123 | expect resp.status == 200 |
| 124 | expect resp.http.be-sl1-crc == 487202719 |
| 125 | expect resp.http.be-sl2-crc == 561949791 |
| 126 | expect resp.http.be-hdr-crc == 1719311923 |
| 127 | expect resp.http.fe-sl1-crc == 146151597 |
| 128 | expect resp.http.fe-sl2-crc == 561949791 |
| 129 | expect resp.http.fe-hdr-crc == 3634102538 |
| 130 | expect resp.http.content-type == <undef> |
| 131 | expect resp.bodylen == 14 |
| 132 | expect resp.body == "This is a body" |
| 133 | |
| 134 | txreq -req GET -url /stats |
| 135 | rxresp |
| 136 | expect resp.status == 200 |
| 137 | expect resp.http.be-sl1-crc == 487202719 |
| 138 | expect resp.http.be-sl2-crc == 561949791 |
| 139 | expect resp.http.be-hdr-crc == 1719311923 |
| 140 | expect resp.http.fe-sl1-crc == 146151597 |
| 141 | expect resp.http.fe-sl2-crc == 561949791 |
| 142 | expect resp.http.fe-hdr-crc == 3634102538 |
| 143 | expect resp.http.content-type == <undef> |
| 144 | } -run |
| 145 | |
| 146 | client c2 -connect ${h1_feh1_sock} { |
| 147 | txreq -req GET -url /deny |
| 148 | rxresp |
| 149 | expect resp.status == 403 |
| 150 | expect resp.http.be-sl1 == <undef> |
| 151 | expect resp.http.be-sl2 == <undef> |
| 152 | expect resp.http.be-hdr == <undef> |
| 153 | expect resp.http.sl1 == <undef> |
| 154 | expect resp.http.sl2 == <undef> |
| 155 | expect resp.http.hdr == <undef> |
| 156 | } -run |
| 157 | |
| 158 | client c3 -connect ${h1_feh1_sock} { |
| 159 | txreq -req GET -url /redir |
| 160 | rxresp |
| 161 | expect resp.status == 302 |
| 162 | expect resp.http.be-sl1 == <undef> |
| 163 | expect resp.http.be-sl2 == <undef> |
| 164 | expect resp.http.be-hdr == <undef> |
| 165 | expect resp.http.sl1 == <undef> |
| 166 | expect resp.http.sl2 == <undef> |
| 167 | expect resp.http.hdr == <undef> |
| 168 | } -run |
| 169 | |
| 170 | client c4 -connect ${h1_feh1_sock} { |
| 171 | txreq -req GET -url /auth |
| 172 | rxresp |
| 173 | expect resp.status == 401 |
| 174 | expect resp.http.be-sl1 == <undef> |
| 175 | expect resp.http.be-sl2 == <undef> |
| 176 | expect resp.http.be-hdr == <undef> |
| 177 | expect resp.http.sl1 == <undef> |
| 178 | expect resp.http.sl2 == <undef> |
| 179 | expect resp.http.hdr == <undef> |
| 180 | } -run |
| 181 | |
| 182 | client c5 -connect ${h1_feh1_sock} { |
| 183 | txreq -req GET -url /deny-srv |
| 184 | rxresp |
Christopher Faulet | f5db0fc | 2021-11-09 17:48:39 +0100 | [diff] [blame] | 185 | expect resp.status == 200 |
| 186 | expect resp.http.be-sl1 == "" |
| 187 | expect resp.http.be-sl2 == "" |
| 188 | expect resp.http.be-hdr == "" |
| 189 | expect resp.http.fe-sl1-crc == 3104968915 |
| 190 | expect resp.http.fe-sl2-crc == 561949791 |
| 191 | expect resp.http.fe-hdr-crc == 623352154 |
Christopher Faulet | 3610486 | 2020-02-06 14:27:09 +0100 | [diff] [blame] | 192 | } -run |