[Tests] Functional tests for JS Challenge #923
Comments
#880 is a duplicate of the issue, its original requirements: Please develop a functional test for #536. A case for a web site with an index.html referencing non-challengeable The change also affects HTTP sessions handling, so please reimplement
We have a lot of support issues for JS challenge, so the task is crucial.
Crucial due to #1102
Need to implement functional tests for #536. Pay attention to #536 (comment): not all the requests may be challenged.
See https://github.com/tempesta-tech/tempesta/blob/master/tempesta_fw/http.c#L2140-L2154 for more information on how TempestaFW responds to sticky cookie and JS challenge violations.
The test must implement the following cases:
Client side:
delay_limit
cookie_timestamp + delay_min + cookie_timestamp % delay_range. Keep in mind Sessions rate limit #598: with that improvement the client must be blocked and never be authorised. Tempesta must close the connection (or respond with an error) for every request from that client. After discussion we decided that we should close the connection after the first request. A response should be sent only for the first request.
attacker: send requests after delay_limit elapsed. Same expectations as above.
delay_limit was removed
JS is disabled on the client
This is an invalid case. JS MUST be enabled for the client.
Tempesta Side:
Per-Vhost JS challenge configuration
We have per-vhost tests for the Sticky directive in the sessions.test_cookies
JS Challenge code tests:
Client has many cookies, some of them have parameters
The Cookie header does not have parameters.
Session identification:
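
An added example, not part of the issue or of the Tempesta test suite: a small expected-result oracle a functional test could use for the timing case above. It applies the formula quoted in the issue and the agreed behaviour (respond to the first violating request only, then close the connection). The names `JsChallenge`, `earliest_allowed` and `expected_outcomes` are hypothetical, and it assumes that a request arriving before the computed time counts as a violation and that all values share one time unit.

```python
from dataclasses import dataclass

# Outcome labels the test would compare against what the client observes.
ACCEPT = "accepted"
BLOCK = "error response, connection closed"
DROPPED = "no response, connection already closed"


@dataclass(frozen=True)
class JsChallenge:
    delay_min: int    # same unit as the cookie timestamp (assumption)
    delay_range: int  # same unit as the cookie timestamp (assumption)

    def earliest_allowed(self, cookie_timestamp: int) -> int:
        # Formula quoted in the issue text.
        return (cookie_timestamp + self.delay_min
                + cookie_timestamp % self.delay_range)


def expected_outcomes(cfg, cookie_timestamp, request_times):
    """Expected result for each request sent on ONE connection.

    Assumption: a request earlier than earliest_allowed() is a violation.
    From the issue: only the first violating request gets a response,
    after which the connection is closed.
    """
    threshold = cfg.earliest_allowed(cookie_timestamp)
    closed = False
    outcomes = []
    for t in request_times:
        if closed:
            outcomes.append(DROPPED)
        elif t < threshold:
            outcomes.append(BLOCK)
            closed = True
        else:
            outcomes.append(ACCEPT)
    return outcomes


if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration.
    cfg = JsChallenge(delay_min=1000, delay_range=1500)
    ts = 10_000
    print("earliest allowed:", cfg.earliest_allowed(ts))
    print("well-behaved client:", expected_outcomes(cfg, ts, [12_000, 12_100]))
    print("too-early client:", expected_outcomes(cfg, ts, [11_999, 12_500]))
```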