REGTESTS: http-rules: verify that we block '#' by default for normalize-uri

Origin: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=b6b330eb117d520a890e5b3cd623eaa73479db1b

Since we now block fragments by default, let's add an extra test there
to confirm that it's blocked even when stripping it.

(cherry picked from commit 4d0175b54b2b4eeb01aa6e31282b0a5b0d7d8ace)
 [ad: backported to test conformance of BUG/MINOR: h1: do not accept '#'
  as part of the URI component]
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit b3f26043df74c661155566a0abd56103e8116078)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 41d161ccbbfa846b4b17ed0166ff08f6bf0c3ea1)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
Gbp-Pq: Name REGTESTS-http-rules-verify-that-we-block-by-default-.patch

diff --git a/reg-tests/http-rules/normalize_uri.vtc b/reg-tests/http-rules/normalize_uri.vtc
index 34905eaf93ae62d6e5104e88f26f9cfecc74f6a8..ad7b44acfe55da35d3c49840a414b6b52fb89c86 100644 (file)
--- a/reg-tests/http-rules/normalize_uri.vtc
+++ b/reg-tests/http-rules/normalize_uri.vtc
@@ -151,6 +151,11 @@ haproxy h1 -conf {
 
         default_backend be
 
+    frontend fe_fragment_block
+        bind "fd@${fe_fragment_block}"
+        http-request normalize-uri fragment-strip
+        default_backend be
+
     backend be
         server s1 ${s1_addr}:${s1_port}
 
@@ -536,3 +541,9 @@ client c10 -connect ${h1_fe_fragment_encode_sock} {
     expect resp.http.before == "*"
     expect resp.http.after == "*"
 } -run
+
+client c11 -connect ${h1_fe_fragment_block_sock} {
+    txreq -url "/#foo"
+    rxresp
+    expect resp.status == 400
+} -run