Custom HTTP redirects #856

Closed
krizhanovsky opened this issue Nov 6, 2017 · 2 comments

krizhanovsky commented Nov 6, 2017

While HSTS (RFC 6797) can be implemented just by adding the Strict-Transport-Security header, a redirect from the HTTP port to the same URL over HTTPS must also be implemented (HTTP redirects are common practice for HSTS implementation).

Please add a functional test for HSTS checking that the right header is added to all the responses and that an HTTP request is correctly redirected to HTTPS.

The Wiki update is required - we have to add a redirect statement.

@krizhanovsky krizhanovsky added this to the 0.5.0 Web Server milestone Nov 6, 2017
@krizhanovsky krizhanovsky modified the milestones: 1.0 Web Server, 0.6 KTLS Jan 8, 2018
@krizhanovsky krizhanovsky modified the milestones: 0.6 KTLS, 0.7 HTTP/2 Jul 15, 2018
@krizhanovsky

Adding the header is just enough, see Nginx's doc for example. So I added the header description to the Wiki pages and close the task.

@krizhanovsky krizhanovsky changed the title HTTP Strict Transport Security HTTP redirects Aug 30, 2018

krizhanovsky commented Aug 30, 2018

Actually, while we send HTTP redirects on JS and cookie challenges, we're still unable to send custom redirects, e.g. if a user wants to redirect all HTTP traffic to some other HTTPS resource. Anyway, HTTP redirects are very useful for HTTP proxies, so I redefine the issue and reopen it. See https://tools.ietf.org/html/rfc7231#section-6.4 and https://tools.ietf.org/html/rfc7538 for the standards on redirections.

JS and cookie redirects shall use the same mechanism as for generic redirects.

HTTPtables redirect action

HTTPtables must be able to redirect an HTTP request by a new redirect action. Just like Nginx we should support relative and absolute redirects.

http_chain NAME {
    [ FIELD [FIELD_NAME] == (!=) ARG ] -> CODE ["string" | url];
    ...
}

where CODE is an integer HTTP response code, e.g. 301; "string" is a status string enclosed in double quotes, e.g. "Access denied because token is expired or invalid"; url is a non-quoted string. See also the format for the Nginx return.

Example configuration:

http_chain {
    # Absolute path
    uri == "http://*" -> 301 = https://$host$request_uri;

    # Relative path
    uri == "*/services.html" -> 301 = /services;

    # Temporary redirection for the default index page only, to a temporary landing page.
    uri == "/" -> 302 = /c++-services;
}

Variables

Note that we need to introduce the request_uri and host variables:

  • request_uri - matches everything after the protocol (i.e. after http:// or https://)
  • host - the value of the Host header

See #907 for the design considerations.

Documentation and testing

Please update the wiki pages mentioned above and the page for HTTP tables. Please provide a full example for HSTS (like there is a full configuration for Nginx in the doc).

Upon release, deploy the redirects on the tempesta-tech.com site.

The testing issue is tempesta-tech/tempesta-test#214
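
An added example, not part of the issue and not Tempesta FW code: a small Python model of how the proposed $host and $request_uri variables expand into a Location value, with the validation a functional test should expect because both values come from the client. The function names are hypothetical, and request_uri is assumed to be the origin-form path and query, as with the Nginx variable of the same name.

```python
import re

# Variables proposed in the issue; the rest of this model is an assumption.
_VAR = re.compile(r"\$(host|request_uri)")
# Conservative Host syntax: DNS name or IPv4 literal, optional port.
# IPv6 literals are left out to keep the example short.
_HOST = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?(?::[0-9]{1,5})?")
# Control characters and whitespace must never reach a response header.
_UNSAFE = re.compile(r"[\x00-\x20\x7f]")


def expand_target(template, host, request_uri):
    """Expand $host and $request_uri in a redirect target.

    Returns the Location value, or None when the request-derived input
    must not be reflected into a response header.
    """
    if not _HOST.fullmatch(host):
        return None  # CR/LF, '@', '/', spaces and similar in Host
    if not request_uri.startswith("/") or _UNSAFE.search(request_uri):
        return None
    values = {"host": host, "request_uri": request_uri}
    location = _VAR.sub(lambda m: values[m.group(1)], template)
    if location.startswith("//"):
        return None  # scheme-relative: a relative rule would go off-site
    return location


def check_https_redirect(status, headers, host, request_uri):
    """What a functional test would assert about the port-80 response."""
    expected = expand_target("https://$host$request_uri", host, request_uri)
    return (expected is not None and status == 301
            and headers.get("Location") == expected)


if __name__ == "__main__":
    # Constructed sample inputs.
    rule = "https://$host$request_uri"
    print(expand_target(rule, "example.com", "/a?b=1"))
    print(expand_target(rule, "example.com\r\nX: 1", "/"))
    print(expand_target("$request_uri", "example.com", "//other.example/"))
```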
