1#!/usr/bin/env perl 2BEGIN { 3 # add current source dir to the include-path 4 # we need this for make distcheck 5 (my $srcdir = $0) =~ s,/[^/]+$,/,; 6 unshift @INC, $srcdir; 7} 8 9use strict; 10use IO::Socket; 11use Test::More tests => 19; 12use LightyTest; 13 14my $tf = LightyTest->new(); 15my $t; 16 17$tf->{CONFIGFILE} = 'condition.conf'; 18ok($tf->start_proc == 0, "Starting lighttpd") or die(); 19 20$t->{REQUEST} = ( <<EOF 21GET /index.html HTTP/1.0 22Host: www.example.org 23EOF 24 ); 25$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 301, 'Location' => "/match_1" } ]; 26ok($tf->handle_http($t) == 0, 'config deny'); 27 28$t->{REQUEST} = ( <<EOF 29GET /index.html HTTP/1.0 30Host: test1.example.org 31EOF 32 ); 33$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 301, 'Location' => "/match_2" } ]; 34ok($tf->handle_http($t) == 0, '2nd child of chaining'); 35 36$t->{REQUEST} = ( <<EOF 37GET /index.html HTTP/1.0 38Host: test2.example.org 39EOF 40 ); 41$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 301, 'Location' => "/match_3" } ]; 42ok($tf->handle_http($t) == 0, '3rd child of chaining'); 43 44$t->{REQUEST} = ( <<EOF 45GET /index.html HTTP/1.0 46Host: test3.example.org 47EOF 48 ); 49$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 301, 'Location' => "/match_5" } ]; 50ok($tf->handle_http($t) == 0, 'nesting'); 51 52$t->{REQUEST} = ( <<EOF 53GET /subdir/index.html HTTP/1.0 54Host: test4.example.org 55EOF 56 ); 57$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 301, 'Location' => "/match_7" } ]; 58ok($tf->handle_http($t) == 0, 'url subdir'); 59 60$t->{REQUEST} = ( <<EOF 61GET /subdir/../css/index.html HTTP/1.0 62Host: test4.example.org 63EOF 64 ); 65$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 301, 'Location' => "/match_6" } ]; 66ok($tf->handle_http($t) == 0, 'url subdir with path traversal'); 67 68ok($tf->stop_proc == 0, "Stopping lighttpd"); 69 70$tf->{CONFIGFILE} = 'lighttpd.conf'; 71ok($tf->start_proc == 0, "Starting lighttpd") or die(); 72 73$t->{REQUEST} = ( <<EOF 74GET /nofile.png HTTP/1.0 75Host: referer.example.org 76EOF 77 ); 78$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ]; 79ok($tf->handle_http($t) == 0, 'condition: Referer - no referer'); 80 81$t->{REQUEST} = ( <<EOF 82GET /nofile.png HTTP/1.0 83Host: referer.example.org 84Referer: http://referer.example.org/ 85EOF 86 ); 87$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ]; 88ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex'); 89 90$t->{REQUEST} = ( <<EOF 91GET /image.jpg HTTP/1.0 92Host: www.example.org 93EOF 94 ); 95$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ]; 96ok($tf->handle_http($t) == 0, 'condition: Referer - no referer'); 97 98$t->{REQUEST} = ( <<EOF 99GET /image.jpg HTTP/1.0 100Host: www.example.org 101Referer: http://referer.example.org/ 102EOF 103 ); 104$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ]; 105ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex'); 106 107$t->{REQUEST} = ( <<EOF 108GET /image.jpg HTTP/1.0 109Host: www.example.org 110Referer: http://evil-referer.example.org/ 111EOF 112 ); 113$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ]; 114ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match'); 115 116$t->{REQUEST} = ( <<EOF 117GET /nofile HTTP/1.1 118Host: bug255.example.org 119 120GET /nofile HTTP/1.1 121Host: bug255.example.org 122Connection: close 123EOF 124 ); 125$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 403 }, { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 403 } ]; 126ok($tf->handle_http($t) == 0, 'remote ip cache (#255)'); 127 128$t->{REQUEST} = ( <<EOF 129GET /empty-ref.noref HTTP/1.0 130Cookie: empty-ref 131EOF 132 ); 133$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ]; 134ok($tf->handle_http($t) == 0, 'condition: $HTTP["referer"] == "" and Referer is no set'); 135 136$t->{REQUEST} = ( <<EOF 137GET /empty-ref.noref HTTP/1.0 138Cookie: empty-ref 139Referer: 140EOF 141 ); 142$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ]; 143ok($tf->handle_http($t) == 0, 'condition: $HTTP["referer"] == "" and Referer is empty'); 144 145$t->{REQUEST} = ( <<EOF 146GET /empty-ref.noref HTTP/1.0 147Cookie: empty-ref 148Referer: foobar 149EOF 150 ); 151$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ]; 152ok($tf->handle_http($t) == 0, 'condition: $HTTP["referer"] == "" and Referer: foobar'); 153 154ok($tf->stop_proc == 0, "Stopping lighttpd"); 155 156