From 2d848a09fb7a1fb661a418cc07c59496d7eb6b3e Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 8 Aug 2023 19:53:51 +0200
Subject: REGTESTS: http-rules: verify that we block '#' by default for
normalize-uri
Since we now block fragments by default, let's add an extra test there
to confirm that it's blocked even when stripping it.
(cherry picked from commit 4d0175b54b2b4eeb01aa6e31282b0a5b0d7d8ace)
[ad: backported to test conformance of BUG/MINOR: h1: do not accept '#'
as part of the URI component]
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit b3f26043df74c661155566a0abd56103e8116078)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 41d161ccbbfa846b4b17ed0166ff08f6bf0c3ea1)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit b6b330eb117d520a890e5b3cd623eaa73479db1b)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 73b9b13ac2654ef5384789685e3d65ca5f2f880a)
[wt: rewrote the test for 2.2 without normalize-uri and called it
fragments-in-uri]
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit dbf47600f63ffe161ce08d2f0faef7e0deb32b6e)
[wt: removed tune.idle-pool.shared from global section]
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit f04fec9f3efe7f8b70fbe72d6a4473f01699728c)
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
reg-tests/http-rules/fragment_in_uri.vtc | 35 ++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 reg-tests/http-rules/fragment_in_uri.vtc
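diff --git a/reg-tests/http-rules/fragment_in_uri.vtc b/reg-tests/http-rules/fragment_in_uri.vtc
new file mode 100644
index 000000000..621751356
--- /dev/null
+++ b/reg-tests/http-rules/fragment_in_uri.vtc
@@ -0,0 +1,35 @@
+varnishtest "check for fragments in URL"
+#REQUIRE_VERSION=2.0
+
+# This reg-test checks that '#' is properly blocked in requests
+
+feature ignore_unknown_macro
+
+server s1 {
+ rxreq
+ txresp -hdr "connection: close"
+} -start
+
+haproxy h1 -conf {
+ global
+
+ defaults
+ mode http
+ timeout connect 1s
+ timeout client 1s
+ timeout server 1s
+
+ frontend fe_fragment_block
+ bind "fd@${fe_fragment_block}"
+ default_backend be
+
+ backend be
+ server s1 ${s1_addr}:${s1_port}
+
+} -start
+
+client c11 -connect ${h1_fe_fragment_block_sock} {
+ txreq -url "/#foo"
+ rxresp
+ expect resp.status == 400
+} -run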
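Review bot: The test has no positive control: client c11 only asserts that `/#foo` is answered with 400, so a build or configuration that rejects every request on fe_fragment_block would pass it just as well. The blocked request should never reach s1, so its single `rxreq`/`txresp` is still unused when c11 finishes. A second client run after c11, with a fragment-free URL and an expected 200, would pin that the rejection is specific to '#'. The header comment could also state where the 400 is expected to originate (presumably the HTTP/1 request parser, judging by the commit message), so a future failure is easier to triage.

```vtc
# … unchanged: client c11 expecting 400 for "/#foo" …
client c12 -connect ${h1_fe_fragment_block_sock} {
    txreq -url "/foo"
    rxresp
    expect resp.status == 200
} -run
```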
--
2.35.3