1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
use strict;
use warnings FATAL => 'all';
use Apache::Test;
use Apache::TestRequest;
use Apache::TestUtil;
use Apache::TestCommon ();
my %frontend = (
proxy_http_https => 'http',
proxy_https_https => 'https',
proxy_https_http => 'https',
);
my %backend = (
proxy_http_https => 'https',
proxy_https_https => 'https',
proxy_https_http => 'http',
);
my $num_modules = scalar keys %frontend;
my $post_module = 'eat_post';
my $post_tests = have_module($post_module) ?
Apache::TestCommon::run_post_test_sizes() : 0;
my $num_http_backends = 0;
for my $module (sort keys %backend) {
if ($backend{$module} eq "http") {
$num_http_backends++;
}
}
plan tests => (8 + $post_tests) * $num_modules - 5 * $num_http_backends,
need need_lwp, [qw(mod_proxy proxy_http.c)];
for my $module (sort keys %frontend) {
my $scheme = $frontend{$module};
Apache::TestRequest::module($module);
Apache::TestRequest::scheme($scheme);
my $hostport = Apache::TestRequest::hostport();
my $res;
my %vars;
sok {
t_cmp(GET('/')->code,
200,
"/ with $module ($scheme)");
};
sok {
t_cmp(GET('/modules/cgi/nph-foldhdr.pl')->code,
200,
"CGI script with folded headers");
};
if ($backend{$module} eq "https") {
sok {
t_cmp(GET('/verify')->code,
200,
"using valid proxyssl client cert");
};
sok {
t_cmp(GET('/require/snakeoil')->code,
403,
"using invalid proxyssl client cert");
};
$res = GET('/require-ssl-cgi/env.pl');
sok {
t_cmp($res->code, 200, "protected cgi script");
};
my $body = $res->content || "";
for my $line (split /\s*\r?\n/, $body) {
my($key, $val) = split /\s*=\s*/, $line, 2;
next unless $key;
$vars{$key} = $val || "";
}
sok {
t_cmp($vars{HTTP_X_FORWARDED_HOST},
$hostport,
"X-Forwarded-Host header");
};
sok {
t_cmp($vars{SSL_CLIENT_S_DN_CN},
'client_ok',
"client subject common name");
};
}
sok {
#test that ProxyPassReverse rewrote the Location header
#to use the frontend server rather than downstream server
my $uri = '/modules';
my $ruri = Apache::TestRequest::resolve_url($uri) . '/';
#tell lwp not to follow redirect so we can see the Location header
local $Apache::TestRequest::RedirectOK = 0;
$res = GET($uri);
my $location = $res->header('Location') || 'NONE';
t_cmp($location, $ruri, 'ProxyPassReverse Location rewrite');
};
Apache::TestCommon::run_post_test($post_module) if $post_tests;
Apache::TestRequest::user_agent(reset => 1);
}
|