lighttpd1.4/tests/mod-extforward.t

#!/usr/bin/env perl
BEGIN {
	# add current source dir to the include-path
	# we need this for make distcheck
	(my $srcdir = $0) =~ s,/[^/]+$,/,;
	unshift @INC, $srcdir;
}

use strict;
use IO::Socket;
use Test::More tests => 6;
use LightyTest;

my $tf = LightyTest->new();
my $t;

$tf->{CONFIGFILE} = 'mod-extforward.conf';

ok($tf->start_proc == 0, "Starting lighttpd") or die();

$t->{REQUEST} = ( <<EOF
GET /ip.pl HTTP/1.0
Host: www.example.org
X-Forwarded-For: 127.0.10.1
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '127.0.10.1' } ];
ok($tf->handle_http($t) == 0, 'expect 127.0.10.1, from single ip');

$t->{REQUEST} = ( <<EOF
GET /ip.pl HTTP/1.0
Host: www.example.org
X-Forwarded-For: 127.0.10.1, 127.0.20.1
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '127.0.20.1' } ];
ok($tf->handle_http($t) == 0, 'expect 127.0.20.1, from two ips');

$t->{REQUEST} = ( <<EOF
GET /ip.pl HTTP/1.0
Host: www.example.org
X-Forwarded-For: 127.0.10.1, 127.0.20.1, 127.0.30.1
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '127.0.20.1' } ];
ok($tf->handle_http($t) == 0, 'expect 127.0.20.1, from chained proxies');

$t->{REQUEST} = ( <<EOF
GET /ip.pl HTTP/1.0
Host: www.example.org
Forwarded: for=127.0.10.1, for=127.0.20.1;proto=https, for=127.0.30.1;proto=http
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '127.0.20.1' } ];
ok($tf->handle_http($t) == 0, 'expect 127.0.20.1, from chained proxies');

ok($tf->stop_proc == 0, "Stopping lighttpd");
- add test for extforward module git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2044 152afb58-edef-0310-8abb-c4023f1b3aa9 16 years ago			`#!/usr/bin/env perl`
			`BEGIN {`
			`# add current source dir to the include-path`
			`# we need this for make distcheck`
			`(my $srcdir = $0) =~ s,/[^/]+$,/,;`
			`unshift @INC, $srcdir;`
			`}`

			`use strict;`
			`use IO::Socket;`
[mod_extforward] support Forwarded HTTP Extension (#2703) enable with, e.g.: extforward.headers = ( "Forwarded" ) or extforward.headers = ( "Forwarded", "X-Forwarded-For" ) or extforward.headers = ( "Forwarded", "X-Forwarded-For", "Forwarded-For" ) The default remains: extforward.headers = ( "X-Forwarded-For", "Forwarded-For" ) Support for "Forwarded" is not enabled by default since intermediate proxies might not be aware of Forwarded, and might therefore pass spoofed Forwarded header received from client. extforward.params = ( # overwrite "Host" with Forwarded value #"host" => 1 # set REMOTE_USER with Forwarded value #"remote_user" => 1 ) Note: be cautious configuring trusted proxies if enabling these options since Forwarded header may be spoofed and passed along indescriminantly by proxies which do not handle Forwarded. To remove "Forwarded" from incoming requests, do not enable these options and instead use mod_setenv to clear the request header: setenv.set-request-header = ( "Forwarded" => "" ) Other proxy-related headers which admin might evaluate to keep or clear: setenv.set-request-header = ( "X-Forwarded-For" => "", "X-Forwarded-By" => "", "X-Forwarded-Server" => "", "X-Origin-IP" => "", "Via" => "", #... ) x-ref: "Forwarded HTTP Extension" https://tools.ietf.org/html/rfc7239 "Forward authenticated user to proxied requests" https://redmine.lighttpd.net/issues/2703 6 years ago			`use Test::More tests => 6;`
- add test for extforward module git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2044 152afb58-edef-0310-8abb-c4023f1b3aa9 16 years ago			`use LightyTest;`

			`my $tf = LightyTest->new();`
			`my $t;`

			`$tf->{CONFIGFILE} = 'mod-extforward.conf';`

			`ok($tf->start_proc == 0, "Starting lighttpd") or die();`

			`$t->{REQUEST} = ( <<EOF`
			`GET /ip.pl HTTP/1.0`
			`Host: www.example.org`
			`X-Forwarded-For: 127.0.10.1`
			`EOF`
			`);`
			`$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '127.0.10.1' } ];`
- support chained proxies in mod_extforward (#1528) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2061 152afb58-edef-0310-8abb-c4023f1b3aa9 16 years ago			`ok($tf->handle_http($t) == 0, 'expect 127.0.10.1, from single ip');`
- add test for extforward module git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2044 152afb58-edef-0310-8abb-c4023f1b3aa9 16 years ago
			`$t->{REQUEST} = ( <<EOF`
			`GET /ip.pl HTTP/1.0`
			`Host: www.example.org`
			`X-Forwarded-For: 127.0.10.1, 127.0.20.1`
			`EOF`
			`);`
			`$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '127.0.20.1' } ];`
- support chained proxies in mod_extforward (#1528) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2061 152afb58-edef-0310-8abb-c4023f1b3aa9 16 years ago			`ok($tf->handle_http($t) == 0, 'expect 127.0.20.1, from two ips');`

			`$t->{REQUEST} = ( <<EOF`
			`GET /ip.pl HTTP/1.0`
			`Host: www.example.org`
			`X-Forwarded-For: 127.0.10.1, 127.0.20.1, 127.0.30.1`
			`EOF`
			`);`
			`$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '127.0.20.1' } ];`
			`ok($tf->handle_http($t) == 0, 'expect 127.0.20.1, from chained proxies');`
- add test for extforward module git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2044 152afb58-edef-0310-8abb-c4023f1b3aa9 16 years ago
[mod_extforward] support Forwarded HTTP Extension (#2703) enable with, e.g.: extforward.headers = ( "Forwarded" ) or extforward.headers = ( "Forwarded", "X-Forwarded-For" ) or extforward.headers = ( "Forwarded", "X-Forwarded-For", "Forwarded-For" ) The default remains: extforward.headers = ( "X-Forwarded-For", "Forwarded-For" ) Support for "Forwarded" is not enabled by default since intermediate proxies might not be aware of Forwarded, and might therefore pass spoofed Forwarded header received from client. extforward.params = ( # overwrite "Host" with Forwarded value #"host" => 1 # set REMOTE_USER with Forwarded value #"remote_user" => 1 ) Note: be cautious configuring trusted proxies if enabling these options since Forwarded header may be spoofed and passed along indescriminantly by proxies which do not handle Forwarded. To remove "Forwarded" from incoming requests, do not enable these options and instead use mod_setenv to clear the request header: setenv.set-request-header = ( "Forwarded" => "" ) Other proxy-related headers which admin might evaluate to keep or clear: setenv.set-request-header = ( "X-Forwarded-For" => "", "X-Forwarded-By" => "", "X-Forwarded-Server" => "", "X-Origin-IP" => "", "Via" => "", #... ) x-ref: "Forwarded HTTP Extension" https://tools.ietf.org/html/rfc7239 "Forward authenticated user to proxied requests" https://redmine.lighttpd.net/issues/2703 6 years ago			`$t->{REQUEST} = ( <<EOF`
			`GET /ip.pl HTTP/1.0`
			`Host: www.example.org`
			`Forwarded: for=127.0.10.1, for=127.0.20.1;proto=https, for=127.0.30.1;proto=http`
			`EOF`
			`);`
			`$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-Content' => '127.0.20.1' } ];`
			`ok($tf->handle_http($t) == 0, 'expect 127.0.20.1, from chained proxies');`

- add test for extforward module git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2044 152afb58-edef-0310-8abb-c4023f1b3aa9 16 years ago			`ok($tf->stop_proc == 0, "Stopping lighttpd");`