mirror of https://github.com/sonertari/SSLproxy
Add e2e tests for filtering rules
End-to-end tests now require testproxy v0.0.4, which supports the new Reconnect command for the Pass filtering rule. Split mode with the -n option also supports filtering rules, so the Divert rule can enable the divert mode even with the -n option. This is because the purpose of the -n option is to convert sslproxy into an sslsplit, and we want to support filtering rules in sslsplit-like sslproxy too.
parent
39e1d87783
commit
dc34bc1ccf
@ -0,0 +1,171 @@
|
|||||||
|
{
|
||||||
|
"comment": "Tests for Block filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
|
||||||
|
"configs": {
|
||||||
|
"1": {
|
||||||
|
"proto": {
|
||||||
|
"proto": "tcp"
|
||||||
|
},
|
||||||
|
"client": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "8197"
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "9197"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"proto": {
|
||||||
|
"proto": "ssl",
|
||||||
|
"verify_peer": "no"
|
||||||
|
},
|
||||||
|
"client": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "8198"
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "9198",
|
||||||
|
"crt": "server.crt",
|
||||||
|
"key": "server.key"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"tests": {
|
||||||
|
"1": {
|
||||||
|
"comment": "Block filtering rule blocks connection with an extra SSLproxy line",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"comment": "Block filtering rule blocks connection with extra SSLproxy lines",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"comment": "Block filtering rule blocks connection with Connection header",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"4": {
|
||||||
|
"comment": "Block filtering rule blocks connection upgrading to SSL/TLS, WebSockets or HTTP/2",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"5": {
|
||||||
|
"comment": "Block filtering rule blocks connection with Keep-Alive",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"6": {
|
||||||
|
"comment": "Block filtering rule blocks connection with Accept-Encoding",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"7": {
|
||||||
|
"comment": "Block filtering rule blocks connection with Via",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"8": {
|
||||||
|
"comment": "Block filtering rule blocks connection with X-Forwarded-For",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"9": {
|
||||||
|
"comment": "Block filtering rule blocks connection with Referer",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": ""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
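Review bot: All nine Block tests pin the outcome only as `"cmd": "recv"` with `"payload": ""` on the server end, so as far as this file shows, a connection that stalls or drops for an unrelated reason looks the same as one the Block rule terminated. If testproxy can assert that the client end sees the connection closed, adding that as a further state would pin the rule itself. Otherwise the top-level `"comment"` should state that an empty server payload is the accepted signal for a block. How testproxy treats an empty recv is not visible on this page, so this needs confirming against the harness.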
@ -0,0 +1,170 @@
|
|||||||
|
{
|
||||||
|
"comment": "Tests for Divert filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
|
||||||
|
"configs": {
|
||||||
|
"1": {
|
||||||
|
"proto": {
|
||||||
|
"proto": "tcp"
|
||||||
|
},
|
||||||
|
"client": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "8191"
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "9191"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"proto": {
|
||||||
|
"proto": "ssl",
|
||||||
|
"crt": "server.crt",
|
||||||
|
"key": "server.key"
|
||||||
|
},
|
||||||
|
"client": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "8192"
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "9192"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"tests": {
|
||||||
|
"1": {
|
||||||
|
"comment": "Divert filtering rule removes any extra SSLproxy line, and appends Connection: close",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"comment": "Divert filtering rule removes all extra SSLproxy lines",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"comment": "Divert filtering rule changes Connection header to close",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"4": {
|
||||||
|
"comment": "Divert filtering rule suppresses upgrading to SSL/TLS, WebSockets or HTTP/2",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"5": {
|
||||||
|
"comment": "Divert filtering rule removes Keep-Alive",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"6": {
|
||||||
|
"comment": "Divert filtering rule does not remove Accept-Encoding by default (it's a config option)",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"7": {
|
||||||
|
"comment": "Divert filtering rule removes Via",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"8": {
|
||||||
|
"comment": "Divert filtering rule removes X-Forwarded-For",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"9": {
|
||||||
|
"comment": "Divert filtering rule removes Referer",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
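Review bot: Config `"2"` places `"crt"` and `"key"` inside the `"proto"` object and sets no `"verify_peer"`, whereas the Block and Pass files in this commit place them under `"server"` and set `"verify_peer": "no"`; the Split file uses the same layout as this one. If testproxy accepts both placements, a `"comment"` entry on the config should say why they differ, since the choice decides which end presents the certificate and whether the client checks it. If only one placement is honoured, the ssl run of either this pair or the other pair may not be exercising TLS the way the test names suggest; that cannot be determined from this page.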
@ -0,0 +1,217 @@
|
|||||||
|
{
|
||||||
|
"comment": "Tests for Pass filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
|
||||||
|
"configs": {
|
||||||
|
"1": {
|
||||||
|
"proto": {
|
||||||
|
"proto": "tcp"
|
||||||
|
},
|
||||||
|
"client": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "8195"
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "9195"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"proto": {
|
||||||
|
"proto": "ssl",
|
||||||
|
"verify_peer": "no"
|
||||||
|
},
|
||||||
|
"client": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "8196"
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "9196",
|
||||||
|
"crt": "server.crt",
|
||||||
|
"key": "server.key"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"tests": {
|
||||||
|
"1": {
|
||||||
|
"comment": "Pass filtering rule does not remove any extra SSLproxy line, and does not append Connection: close",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "reconnect",
|
||||||
|
"payload": "",
|
||||||
|
"comment": "Pass rules cause sslproxy to disconnect/reconnect to the server, so the reconnect cmd instructs the server to allow it"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"comment": "Pass filtering rule does not remove any extra SSLproxy lines",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "reconnect",
|
||||||
|
"payload": ""
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"comment": "Pass filtering rule does not change Connection header to close",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "reconnect",
|
||||||
|
"payload": ""
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"4": {
|
||||||
|
"comment": "Pass filtering rule does not suppress upgrading to SSL/TLS, WebSockets or HTTP/2",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "reconnect",
|
||||||
|
"payload": ""
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"5": {
|
||||||
|
"comment": "Pass filtering rule does not remove Keep-Alive",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "reconnect",
|
||||||
|
"payload": ""
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n"
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"6": {
|
||||||
|
"comment": "Pass filtering rule does not remove Accept-Encoding",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "reconnect",
|
||||||
|
"payload": ""
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"7": {
|
||||||
|
"comment": "Pass filtering rule does not remove Via",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "reconnect",
|
||||||
|
"payload": ""
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"8": {
|
||||||
|
"comment": "Pass filtering rule does not remove X-Forwarded-For",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "reconnect",
|
||||||
|
"payload": ""
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"9": {
|
||||||
|
"comment": "Pass filtering rule does not remove Referer",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "reconnect",
|
||||||
|
"payload": ""
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
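Review bot: With `"verify_peer": "no"` in config `"2"`, the ssl run of these tests appears to accept whatever certificate the client is presented. They therefore pin that the headers arrive unmodified, but not that the client is talking to the server's own TLS session rather than one re-terminated by the proxy. If the Pass rule is meant to leave the TLS session untouched, that property is untested here and the limit should be documented, for example `"comment": "verify_peer is off: checks header passthrough only, not which certificate the client sees"` on config `"2"`. The exact semantics of `verify_peer` in testproxy are assumed from the name and should be confirmed.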
@ -0,0 +1,170 @@
|
|||||||
|
{
|
||||||
|
"comment": "Tests for Split filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer",
|
||||||
|
"configs": {
|
||||||
|
"1": {
|
||||||
|
"proto": {
|
||||||
|
"proto": "tcp"
|
||||||
|
},
|
||||||
|
"client": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "8193"
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "9193"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"proto": {
|
||||||
|
"proto": "ssl",
|
||||||
|
"crt": "server.crt",
|
||||||
|
"key": "server.key"
|
||||||
|
},
|
||||||
|
"client": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "8194"
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port": "9194"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"tests": {
|
||||||
|
"1": {
|
||||||
|
"comment": "Split filtering rule removes any extra SSLproxy line, and appends Connection: close",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"comment": "Split filtering rule removes all extra SSLproxy lines",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"3": {
|
||||||
|
"comment": "Split filtering rule changes Connection header to close",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"4": {
|
||||||
|
"comment": "Split filtering rule suppresses upgrading to SSL/TLS, WebSockets or HTTP/2",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"5": {
|
||||||
|
"comment": "Split filtering rule removes Keep-Alive",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"6": {
|
||||||
|
"comment": "Split filtering rule does not remove Accept-Encoding by default (it's a config option)",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"7": {
|
||||||
|
"comment": "Split filtering rule does not remove Via (it is removed by child conns)",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"8": {
|
||||||
|
"comment": "Split filtering rule does not remove X-Forwarded-For (it is removed by child conns)",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"9": {
|
||||||
|
"comment": "Split filtering rule removes Referer",
|
||||||
|
"states": {
|
||||||
|
"1": {
|
||||||
|
"testend": "client",
|
||||||
|
"cmd": "send",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n"
|
||||||
|
},
|
||||||
|
"2": {
|
||||||
|
"testend": "server",
|
||||||
|
"cmd": "recv",
|
||||||
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
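Review bot: The comments on tests `"7"` and `"8"` ("does not remove Via (it is removed by child conns)") read as self-contradictory unless the reader already knows that split mode has no child connection. The expected payloads show `Via` and `X-Forwarded-For` reaching the server, unlike in the Divert file, and the comment should say so directly, e.g. `"Split filtering rule leaves Via in place; it is stripped only on child connections, which split mode does not have"` (the reason is presumed and should be confirmed). Because these two headers are forwarded unchanged in this mode, stating that explicitly helps anyone relying on these tests as a description of what the server can trust.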