blob: 97d559b9c57f1cc24decc1011f8cd95e8d9dcb49 [file] [log] [blame]
'''
Test the Forwarded header and related configuration..
'''
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import os
Test.Summary = '''
Test FORWARDED header.
'''
Test.SkipUnless(
Condition.HasCurlFeature('http2'),
Condition.HasCurlFeature('IPv6'),
)
Test.ContinueOnFail = True
testName = "FORWARDED"
server = Test.MakeOriginServer("server", options={'--load': os.path.join(Test.TestDirectory, 'forwarded-observer.py')})
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.no-oride.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
response_header = {"headers": "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-none.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-for.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-by-ip.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-by-unknown.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-by-server-name.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-by-uuid.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-proto.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-host.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-connection-compact.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-connection-std.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
request_header = {
"headers": "GET / HTTP/1.1\r\nHost: www.forwarded-connection-full.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""}
server.addResponse("sessionlog.json", request_header, response_header)
# Set up to check the output after the tests have run.
#
forwarded_log_id = Test.Disk.File("forwarded.log")
forwarded_log_id.Content = "forwarded.gold"
def baselineTsSetup(ts):
ts.addSSLfile("../remap/ssl/server.pem")
ts.addSSLfile("../remap/ssl/server.key")
ts.Disk.records_config.update({
# 'proxy.config.diags.debug.enabled': 1,
'proxy.config.url_remap.pristine_host_hdr': 1, # Retain Host header in original incoming client request.
'proxy.config.proxy_name': 'Poxy_Proxy', # This will be the server name.
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir)
})
ts.Disk.ssl_multicert_config.AddLine(
'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key'
)
ts.Disk.remap_config.AddLine(
'map http://www.no-oride.com http://127.0.0.1:{0}'.format(server.Variables.Port)
)
# Disable the cache to make sure each request is forwarded to the origin
# server.
ts = Test.MakeATSProcess("ts", enable_tls=True, enable_cache=False)
baselineTsSetup(ts)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-none.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=none'
)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-for.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=for'
)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-by-ip.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=by=ip'
)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-by-unknown.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=by=unknown'
)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-by-server-name.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=by=serverName'
)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-by-uuid.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=by=uuid'
)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-proto.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=proto'
)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-host.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=host'
)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-connection-compact.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=connection=compact'
)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-connection-std.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=connection=std'
)
ts.Disk.remap_config.AddLine(
'map http://www.forwarded-connection-full.com http://127.0.0.1:{0}'.format(server.Variables.Port) +
' @plugin=conf_remap.so @pparam=proxy.config.http.insert_forwarded=connection=full'
)
# Basic HTTP 1.1 -- No Forwarded by default
tr = Test.AddTestRun()
# Wait for the micro server
tr.Processes.Default.StartBefore(server, ready=When.PortOpen(server.Variables.Port))
# Delay on readiness of our ssl ports
tr.Processes.Default.StartBefore(Test.Processes.ts)
#
tr.Processes.Default.Command = (
'curl --verbose --ipv4 --http1.1 --proxy localhost:{} http://www.no-oride.com'.format(ts.Variables.port)
)
tr.Processes.Default.ReturnCode = 0
def TestHttp1_1(host):
tr = Test.AddTestRun()
tr.Processes.Default.Command = (
'curl --verbose --ipv4 --http1.1 --proxy localhost:{} http://{}'.format(ts.Variables.port, host)
)
tr.Processes.Default.ReturnCode = 0
# Basic HTTP 1.1 -- No Forwarded -- explicit configuration.
#
TestHttp1_1('www.forwarded-none.com')
# Test enabling of each forwarded parameter singly.
TestHttp1_1('www.forwarded-for.com')
# Note: forwaded-obsersver.py counts on the "by" tests being done in the order below.
TestHttp1_1('www.forwarded-by-ip.com')
TestHttp1_1('www.forwarded-by-unknown.com')
TestHttp1_1('www.forwarded-by-server-name.com')
TestHttp1_1('www.forwarded-by-uuid.com')
TestHttp1_1('www.forwarded-proto.com')
TestHttp1_1('www.forwarded-host.com')
TestHttp1_1('www.forwarded-connection-compact.com')
TestHttp1_1('www.forwarded-connection-std.com')
TestHttp1_1('www.forwarded-connection-full.com')
ts2 = Test.MakeATSProcess("ts2", command="traffic_manager", enable_tls=True)
baselineTsSetup(ts2)
ts2.Disk.records_config.update({
'proxy.config.url_remap.pristine_host_hdr': 1, # Retain Host header in original incoming client request.
'proxy.config.http.insert_forwarded': 'by=uuid'})
ts2.Disk.remap_config.AddLine(
'map https://www.no-oride.com http://127.0.0.1:{0}'.format(server.Variables.Port)
)
# Forwarded header with UUID of 2nd ATS.
tr = Test.AddTestRun()
# Delay on readiness of our ssl ports
tr.Processes.Default.StartBefore(Test.Processes.ts2)
#
tr.Processes.Default.Command = (
'curl --verbose --ipv4 --http1.1 --proxy localhost:{} http://www.no-oride.com'.format(ts2.Variables.port)
)
tr.Processes.Default.ReturnCode = 0
# Call traffic_ctrl to set insert_forwarded
tr = Test.AddTestRun()
tr.Processes.Default.Command = (
'traffic_ctl --debug config set proxy.config.http.insert_forwarded' +
' "for|by=ip|by=unknown|by=servername|by=uuid|proto|host|connection=compact|connection=std|connection=full"'
)
tr.Processes.Default.ForceUseShell = False
tr.Processes.Default.Env = ts2.Env
tr.Processes.Default.ReturnCode = 0
# HTTP 1.1
tr = Test.AddTestRun()
# Delay to give traffic_ctl config change time to take effect.
tr.DelayStart = 15
tr.Processes.Default.Command = (
'curl --verbose --ipv4 --http1.1 --proxy localhost:{} http://www.no-oride.com'.format(ts2.Variables.port)
)
tr.Processes.Default.ReturnCode = 0
# HTTP 1.0
tr = Test.AddTestRun()
tr.Processes.Default.Command = (
'curl --verbose --ipv4 --http1.0 --proxy localhost:{} http://www.no-oride.com'.format(ts2.Variables.port)
)
tr.Processes.Default.ReturnCode = 0
# HTTP 1.0 -- Forwarded headers already present
tr = Test.AddTestRun()
tr.Processes.Default.Command = (
"curl --verbose -H 'forwarded:for=0.6.6.6' -H 'forwarded:for=_argh' --ipv4 --http1.0" +
" --proxy localhost:{} http://www.no-oride.com".format(ts2.Variables.port)
)
tr.Processes.Default.ReturnCode = 0
# HTTP 2
tr = Test.AddTestRun()
tr.Processes.Default.Command = (
'curl --verbose --ipv4 --http2 --insecure --header "Host: www.no-oride.com"' +
' https://localhost:{}'.format(ts2.Variables.ssl_port)
)
tr.Processes.Default.ReturnCode = 0
# TLS
tr = Test.AddTestRun()
tr.Processes.Default.Command = (
'curl --verbose --ipv4 --http1.1 --insecure --header "Host: www.no-oride.com" https://localhost:{}'
.format(ts2.Variables.ssl_port)
)
tr.Processes.Default.ReturnCode = 0
# IPv6
tr = Test.AddTestRun()
tr.Processes.Default.Command = (
'curl --verbose --ipv6 --http1.1 --proxy localhost:{} http://www.no-oride.com'.format(ts2.Variables.portv6)
)
tr.Processes.Default.ReturnCode = 0
tr = Test.AddTestRun()
tr.Processes.Default.Command = (
'curl --verbose --ipv6 --http1.1 --insecure --header "Host: www.no-oride.com" https://localhost:{}'.format(
ts2.Variables.ssl_portv6)
)
tr.Processes.Default.ReturnCode = 0