def test_500_109(self): # test case: redirect on SSL-only domain # setup: prepare config domain = "test500-109-" + TestDrive.dns_uniq name = "www." + domain conf = HttpdConf( TestDrive.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_drive_mode( "manual" ) conf.add_md( [name] ) conf.add_vhost(TestEnv.HTTP_PORT, name, aliasList=[], docRoot="htdocs/test", withSSL=False) conf.add_vhost(TestEnv.HTTPS_PORT, name, aliasList=[], docRoot="htdocs/test", withSSL=True) conf.install() # setup: create resource files self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "test"), "name.txt", name) self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR), "name.txt", "not-forbidden.org") assert TestEnv.apache_restart() == 0 # drive it assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0 assert TestEnv.apache_restart() == 0 # test HTTP access - no redirect assert TestEnv.get_content("not-forbidden.org", "/name.txt", useHTTPS=False) == "not-forbidden.org" assert TestEnv.get_content(name, "/name.txt", useHTTPS=False) == name r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False) assert int(r['http_headers']['Content-Length']) == len(name) assert "Location" not in r['http_headers'] # test HTTPS access assert TestEnv.get_content(name, "/name.txt", useHTTPS=True) == name # test HTTP access again -> redirect to default HTTPS port conf.add_require_ssl("temporary") conf.install() assert TestEnv.apache_restart() == 0 r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False) assert r['http_status'] == 302 expLocation = "https://%s/name.txt" % name assert r['http_headers']['Location'] == expLocation # should not see this assert not 'Strict-Transport-Security' in r['http_headers'] # test default HTTP vhost -> still no redirect assert TestEnv.get_content("not-forbidden.org", "/name.txt", useHTTPS=False) == "not-forbidden.org" r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True) # also not for this assert not 'Strict-Transport-Security' in r['http_headers'] # test HTTP access again -> redirect permanent conf.add_require_ssl("permanent") conf.install() assert TestEnv.apache_restart() == 0 r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False) assert r['http_status'] == 301 expLocation = "https://%s/name.txt" % name assert r['http_headers']['Location'] == expLocation assert not 'Strict-Transport-Security' in r['http_headers'] # should see this r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True) assert r['http_headers']['Strict-Transport-Security'] == 'max-age=15768000'
def test_500_110(self): # test case: SSL-only domain, override headers generated by mod_md # setup: prepare config if not TestEnv.httpd_is_at_least("2.5.0"): return domain = "test500-110-" + TestDrive.dns_uniq name = "www." + domain conf = HttpdConf(TestDrive.TMP_CONF) conf.add_admin("admin@" + domain) conf.add_drive_mode("manual") conf.add_require_ssl("permanent") conf.add_md([name]) conf._add_line(" SSLEngine *:" + TestEnv.HTTPS_PORT) conf.add_vhost(TestEnv.HTTPS_PORT + " *:" + TestEnv.HTTP_PORT, name, aliasList=[], withSSL=False) conf.install() assert TestEnv.apache_restart() == 0 # drive it assert TestEnv.a2md(["drive", name])['rv'] == 0 assert TestEnv.apache_restart() == 0 # test override HSTS header conf._add_line( ' Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"' ) conf.install() assert TestEnv.apache_restart() == 0 r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True) assert r['http_headers'][ 'Strict-Transport-Security'] == 'max-age=10886400; includeSubDomains; preload' # test override Location header conf._add_line(' Redirect /a /name.txt') conf._add_line(' Redirect seeother /b /name.txt') conf.install() assert TestEnv.apache_restart() == 0 # check: default redirect by mod_md still works expLocation = "https://%s/name.txt" % name r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False) assert r['http_status'] == 301 assert r['http_headers']['Location'] == expLocation # check: redirect as given by mod_alias expLocation = "https://%s/a" % name r = TestEnv.get_meta(name, "/a", useHTTPS=False) assert r[ 'http_status'] == 301 # FAIL: mod_alias generates Location header instead of mod_md assert r['http_headers']['Location'] == expLocation