1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
varnishtest "Test IPv4/IPv6 except param for the forwardfor and originalto options"
# This config tests the except parameter for the HTTP forwardfor and originalto
# options.
feature ignore_unknown_macro
haproxy h1 -conf {
global
.if feature(THREAD)
thread-groups 1
.endif
# WT: limit false-positives causing "HTTP header incomplete" due to
# idle server connections being randomly used and randomly expiring
# under us.
tune.idle-pool.shared off
defaults
mode http
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
frontend fe1
bind "fd@${fe1}"
http-request set-src hdr(x-src)
http-request set-dst hdr(x-dst)
use_backend be1 if { path /req1 }
use_backend be2 if { path /req2 }
use_backend be3 if { path /req3 }
use_backend be4 if { path /req4 }
use_backend be5 if { path /req5 }
frontend fe2
bind "fd@${fe2}"
http-request return status 200 hdr x-ff "%[req.hdr(x-forwarded-for)]" hdr x-ot "%[req.hdr(x-original-to)]"
backend be1
option forwardfor except 127.0.0.1
option originalto except 127.0.0.1
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend be2
option forwardfor except 10.0.0.1/25
option originalto except 10.0.0.1/25
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend be3
option forwardfor except ::1
option originalto except ::1
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend be4
option forwardfor except 2001:db8::1:0:0:1
option originalto except 2001:db8::1:0:0:1
server s1 ${h1_fe2_addr}:${h1_fe2_port}
backend be5
option forwardfor except 2001:db8:1f89::/48
option originalto except 2001:db8:1f89::/48
server s1 ${h1_fe2_addr}:${h1_fe2_port}
} -start
client c1 -connect ${h1_fe1_sock} {
txreq -req GET -url /req1 \
-hdr "x-src: 127.0.0.1" \
-hdr "x-dst: 127.0.0.1"
rxresp
expect resp.status == 200
expect resp.http.x-ff == <undef>
expect resp.http.x-ot == <undef>
txreq -req GET -url /req1 \
-hdr "x-src: 127.0.0.2" \
-hdr "x-dst: 127.0.0.2"
rxresp
expect resp.status == 200
expect resp.http.x-ff == "127.0.0.2"
expect resp.http.x-ot == "127.0.0.2"
txreq -req GET -url /req2 \
-hdr "x-src: 10.0.0.1" \
-hdr "x-dst: 10.0.0.1"
rxresp
expect resp.status == 200
expect resp.http.x-ff == <undef>
expect resp.http.x-ot == <undef>
txreq -req GET -url /req2 \
-hdr "x-src: 10.0.0.128" \
-hdr "x-dst: 10.0.0.128"
rxresp
expect resp.status == 200
expect resp.http.x-ff == "10.0.0.128"
expect resp.http.x-ot == "10.0.0.128"
txreq -req GET -url /req3 \
-hdr "x-src: ::1" \
-hdr "x-dst: ::1"
rxresp
expect resp.status == 200
expect resp.http.x-ff == <undef>
expect resp.http.x-ot == <undef>
txreq -req GET -url /req3 \
-hdr "x-src: ::2" \
-hdr "x-dst: ::2"
rxresp
expect resp.status == 200
expect resp.http.x-ff == "::2"
expect resp.http.x-ot == "::2"
txreq -req GET -url /req4 \
-hdr "x-src: 2001:db8::1:0:0:1" \
-hdr "x-dst: 2001:db8::1:0:0:1"
rxresp
expect resp.status == 200
expect resp.http.x-ff == <undef>
expect resp.http.x-ot == <undef>
txreq -req GET -url /req4 \
-hdr "x-src: 2001:db8::1:0:0:2" \
-hdr "x-dst: 2001:db8::1:0:0:2"
rxresp
expect resp.status == 200
expect resp.http.x-ff == "2001:db8::1:0:0:2"
expect resp.http.x-ot == "2001:db8::1:0:0:2"
txreq -req GET -url /req5 \
-hdr "x-src: 2001:db8:1f89::1" \
-hdr "x-dst: 2001:db8:1f89::1"
rxresp
expect resp.status == 200
expect resp.http.x-ff == <undef>
expect resp.http.x-ot == <undef>
txreq -req GET -url /req5 \
-hdr "x-src: 2001:db8:1f90::1" \
-hdr "x-dst: 2001:db8:1f90::1"
rxresp
expect resp.status == 200
expect resp.http.x-ff == "2001:db8:1f90::1"
expect resp.http.x-ot == "2001:db8:1f90::1"
} -run
|
