path: root/reg-tests/http-rules/forwarded-header-7239.vtc
blob: a894113e78bbb698fa28cdfbca3f976dfb370b48 (plain)
varnishtest "Test RFC 7239 forwarded header support (forwarded option and related converters)"
# Gate: the test is only run when the HAProxy binary evaluates
# version_atleast(2.8-dev0) as true.
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.8-dev0)'"

# This config tests the HTTP forwarded option and RFC7239 related converters.

# NOTE(review): presumably needed so the "${...}" references inside the
# HAProxy configurations below are not rejected as unknown vtest macros;
# confirm against the vtest documentation.
feature ignore_unknown_macro

#test: converters, parsing and header injection logic
# h1 plays two roles: fe1 with be1..be4 is the proxy under test, and fe2 is a
# stand-in origin that reflects the Forwarded header it received.
haproxy h1 -conf {
    global
        # WT: limit false-positives causing "HTTP header incomplete" due to
        # idle server connections being randomly used and randomly expiring
        # under us.
        tune.idle-pool.shared off

    defaults
        mode http
        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"

    frontend fe1
        bind "fd@${fe1}"
        # Test fixture: the connection's source and destination addresses are
        # overwritten from the request headers x-src / x-dst so that the
        # expected Forwarded values are deterministic. This trusts values the
        # client sends; on a listener reachable by untrusted clients the same
        # rules would let the client choose the address later reported in for=.
        http-request set-src hdr(x-src)
        http-request set-dst hdr(x-dst)
        # Replace the Host header with the constant string "vtest".
	http-request set-header host %[str(vtest)]
        # Route on the exact request path to the backend exercising each case.
	use_backend be1 if { path /req1 }
	use_backend be2 if { path /req2 }
	use_backend be3 if { path /req3 }
	use_backend be4 if { path /req4 }

    frontend fe2
        bind "fd@${fe2}"
        # Reflect the received Forwarded request header in a response header
        # of the same name so the vtest client can assert on what be1/be2 sent.
	http-request return status 200 hdr forwarded "%[req.hdr(forwarded)]"

    backend be1
        # Option with no arguments; the client expects "proto=http;for=<src>".
	option forwarded
        server s1 ${h1_fe2_addr}:${h1_fe2_port}

    backend be2
        # Explicit parameters: for= is built from the src expression with the
        # string "id" as its port, by= is enabled with the integer 10 as its
        # port. The client expects by="127.0.0.3:10";for="127.0.0.2:_id", i.e.
        # the non-numeric port is emitted with a leading underscore.
	option forwarded for-expr src for_port-expr str(id) by by_port-expr int(10)
        server s1 ${h1_fe2_addr}:${h1_fe2_port}

    backend be3
        # Answer 200 when rfc7239_is_valid accepts the request's Forwarded
        # header and 400 otherwise. The cases accepted by this test include
        # "unknown" and obfuscated ("_"-prefixed) identifiers, so a 200 here
        # reflects well-formedness only, not that the values can be trusted.
	acl valid req.hdr(forwarded),rfc7239_is_valid
	http-request return status 200 if valid
	http-request return status 400

    backend be4
        # Extract the for= node from the Forwarded header into req.fnode, then
        # return its name part (rfc7239_n2nn) and port part (rfc7239_n2np) as
        # the response headers nodename / nodeport.
        # NOTE(review): no case in this file sends several Forwarded elements
        # or several Forwarded header lines; confirm which one these
        # converters see in that situation.
	http-request set-var(req.fnode) req.hdr(forwarded),rfc7239_field(for)
	http-request return status 200 hdr nodename "%[var(req.fnode),rfc7239_n2nn]" hdr nodeport "%[var(req.fnode),rfc7239_n2np]"

} -start

#test: "default" and "no option forwarded"
# h2 checks how "option forwarded" set in the defaults section interacts with
# backends that keep it, redefine it, or turn it off. All three backends send
# to h1's fe2, which reflects the Forwarded header it receives.
haproxy h2 -conf {
    global
        # WT: limit false-positives causing "HTTP header incomplete" due to
        # idle server connections being randomly used and randomly expiring
        # under us.
        tune.idle-pool.shared off

    defaults
        mode http
        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
        # Enabled here so that the backends below start from "option on".
        option forwarded

    frontend fe1
        bind "fd@${fe1h2}"
        # Route on the exact request path to the backend exercising each case.
	use_backend default if { path /default }
	use_backend override if { path /override }
	use_backend disabled if { path /disabled }

    backend default
        # No local setting: the client expects a Forwarded header to be present.
	server s1 ${h1_fe2_addr}:${h1_fe2_port}

    backend override
        # Local redefinition. The client expects exactly host="override", so
        # the backend's parameters are used instead of the ones from defaults
        # rather than being merged with them.
	option forwarded host-expr str(override)
	server s1 ${h1_fe2_addr}:${h1_fe2_port}

    backend disabled
        # Explicitly turned off: the client expects no Forwarded header.
	no option forwarded
	server s1 ${h1_fe2_addr}:${h1_fe2_port}

} -start

# c1 drives h1/fe1: header generation (/req1, /req2), validation through
# rfc7239_is_valid (/req3, 200 = accepted, 400 = rejected) and node
# extraction (/req4).
client c1 -connect ${h1_fe1_sock} {
    # be1, option without arguments: proto and for only, for= taken from x-src.
    txreq -req GET -url /req1 \
        -hdr "x-src: 127.0.0.1"
    rxresp
    expect resp.status == 200
    expect resp.http.forwarded == "proto=http;for=127.0.0.1"

    # be2, explicit parameters: by= from x-dst with port 10, for= from x-src
    # with the obfuscated port "_id"; both values are quoted in the output.
    txreq -req GET -url /req2 \
        -hdr "x-src: 127.0.0.2" \
        -hdr "x-dst: 127.0.0.3"
    rxresp
    expect resp.status == 200
    expect resp.http.forwarded == "by=\"127.0.0.3:10\";for=\"127.0.0.2:_id\""

    # Accepted: all four parameters, with an "unknown" node, a bracketed IPv6
    # host with port, and an obfuscated node and port.
    txreq -req GET -url /req3 \
        -hdr "forwarded: for=\"unknown:132\";host=\"[::1]:65535\";by=\"_obfs:_port\";proto=https"
    rxresp
    expect resp.status == 200

    # Accepted: quoted IPv4 node and an unquoted host.
    txreq -req GET -url /req3 \
        -hdr "forwarded: for=\"127.0.0.1\";host=v.test"
    rxresp
    expect resp.status == 200

    # Rejected: "fore" is not one of the parameter names used elsewhere in
    # this test (for, by, host, proto).
    txreq -req GET -url /req3 \
        -hdr "forwarded: fore=\"unknown:132\""
    rxresp
    expect resp.status == 400

    # Rejected: the same parameter appears twice in one element.
    txreq -req GET -url /req3 \
        -hdr "forwarded: proto=http;proto=http"
    rxresp
    expect resp.status == 400

    # Rejected: a lone double quote.
    txreq -req GET -url /req3 \
        -hdr "forwarded: \""
    rxresp
    expect resp.status == 400

    # Rejected: bracketed IPv6 node without surrounding quotes.
    txreq -req GET -url /req3 \
        -hdr "forwarded: by=[::1]"
    rxresp
    expect resp.status == 400

    # Accepted: the same node once quoted.
    txreq -req GET -url /req3 \
        -hdr "forwarded: by=\"[::1]\""
    rxresp
    expect resp.status == 200

    # Rejected: port separator present but the port is empty.
    txreq -req GET -url /req3 \
        -hdr "forwarded: by=\"[::1]:\""
    rxresp
    expect resp.status == 400

    # Accepted: the same node with a numeric port.
    txreq -req GET -url /req3 \
        -hdr "forwarded: by=\"[::1]:3\""
    rxresp
    expect resp.status == 200

    # be4, extraction: the for= node "[::1]:_id" yields the name "::1"
    # (brackets removed) and the port "_id".
    txreq -req GET -url /req4 \
        -hdr "forwarded: proto=http;for=\"[::1]:_id\""
    rxresp
    expect resp.status == 200
    expect resp.http.nodename == "::1"
    expect resp.http.nodeport == "_id"
} -run

# c2 drives h2/fe1 to check inheritance of "option forwarded" from defaults.
client c2 -connect ${h2_fe1h2_sock} {
    # Inherited from defaults: only the presence of the header is asserted,
    # not its value.
    txreq -req GET -url /default
    rxresp
    expect resp.status == 200
    expect resp.http.forwarded != <undef>

    # Redefined in the backend: the header holds the host parameter only.
    txreq -req GET -url /override
    rxresp
    expect resp.status == 200
    expect resp.http.forwarded == "host=\"override\""

    # Disabled in the backend: no Forwarded header reaches the server.
    txreq -req GET -url /disabled
    rxresp
    expect resp.status == 200
    expect resp.http.forwarded == <undef>
} -run