Add test scenario client-body-tagger-https
authorFabian Keil <fk@fabiankeil.de>
Sun, 28 Mar 2021 01:05:37 +0000 (03:05 +0200)
committerFabian Keil <fk@fabiankeil.de>
Wed, 20 Mar 2024 11:38:39 +0000 (12:38 +0100)
Sponsored by: Robert Klemme

19 files changed:
tests/cts/client-body-tagger-https/client-body-tagger.action [new file with mode: 0644]
tests/cts/client-body-tagger-https/client-body-tagger.filter [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test1 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test10 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test11 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test12 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test13 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test14 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test15 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test16 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test2 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test3 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test4 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test5 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test6 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test7 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test8 [new file with mode: 0644]
tests/cts/client-body-tagger-https/data/test9 [new file with mode: 0644]
tests/cts/client-body-tagger-https/privoxy.conf [new file with mode: 0644]

diff --git a/tests/cts/client-body-tagger-https/client-body-tagger.action b/tests/cts/client-body-tagger-https/client-body-tagger.action
new file mode 100644 (file)
index 0000000..2bc5848
--- /dev/null
@@ -0,0 +1,11 @@
+{+client-body-tagger{blafasel}}
+/
+
+{+block{Request body contains blafasel}}
+TAG:^content contains blafasel$
+
+{+client-body-tagger{bumfidel}}
+/tag-bumfidel-requests/
+
+{+client-body-filter{bumfidel-to-tralala}}
+TAG:^content contains bumfidel$
diff --git a/tests/cts/client-body-tagger-https/client-body-tagger.filter b/tests/cts/client-body-tagger-https/client-body-tagger.filter
new file mode 100644 (file)
index 0000000..dc3ebae
--- /dev/null
@@ -0,0 +1,5 @@
+CLIENT-BODY-TAGGER: blafasel Tags requests with "content contains blafasel" if the client body contains the word "blafasel"
+s@.*blafasel.*@content contains blafasel@s
+
+CLIENT-BODY-TAGGER: bumfidel Tags requests with "content contains bumfidel" if the client body contains the word "bumfidel"
+s@.*bumfidel.*@content contains bumfidel@s
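Review bot: Both tagger descriptions say the tag is applied when the body contains "the word", but `s@.*blafasel.*@content contains blafasel@s` and `s@.*bumfidel.*@content contains bumfidel@s` match the string anywhere in the body, including inside a longer token. Wording such as `if the client body contains the string "blafasel"` would describe what the patterns do. This matters because the `+block` section in the action file keys off the resulting tag.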
diff --git a/tests/cts/client-body-tagger-https/data/test1 b/tests/cts/client-body-tagger-https/data/test1
new file mode 100644 (file)
index 0000000..6d43cc7
--- /dev/null
@@ -0,0 +1,63 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Connection: close\r
+Content-Type: text/html\r
+X-Connection: swsclose\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL. The second one is blocked based on a tag applied with client-body-tagger{blafasel}.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d blafasel -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
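Review bot: The `<proxy-reply>` section that holds the `HTTP/1.1 200 Connection established` data is closed with `</proxyreply>`, so the opening and closing tags do not match. How the test parser treats this is not visible here. If it pairs sections by name, the expected proxy reply may run on into `<client>` or be dropped without an error. The closing line should read `</proxy-reply>`. The same mismatch is present in every other data file added by this commit (test2 through test16).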
diff --git a/tests/cts/client-body-tagger-https/data/test10 b/tests/cts/client-body-tagger-https/data/test10
new file mode 100644 (file)
index 0000000..cbba8d2
--- /dev/null
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Content-Length: 21
+Content-Type: text/html
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Content-Length: 21\r
+Content-Type: text/html\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL on a reused connection. The second one is large and blocked based on a tag applied with the client-body-tagger{blafasel}. (based on test 2)
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "blafasel%repeat[5000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test11 b/tests/cts/client-body-tagger-https/data/test11
new file mode 100644 (file)
index 0000000..29521bc
--- /dev/null
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Content-Length: 21
+Content-Type: text/html
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Content-Length: 21\r
+Content-Type: text/html\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL on a reused connection. The second one is large and blocked based on a tag. Offending phrase at end of content. (based on test 3)
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%blafasel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test12 b/tests/cts/client-body-tagger-https/data/test12
new file mode 100644 (file)
index 0000000..896b0a2
--- /dev/null
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Content-Length: 21
+Content-Type: text/html
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Content-Length: 21\r
+Content-Type: text/html\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL on a reused connection. The second one is large and blocked based on a tag. Offending phrase in the middle of the content. (based on test 4)
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]% blafasel tralala" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test13 b/tests/cts/client-body-tagger-https/data/test13
new file mode 100644 (file)
index 0000000..b0d227e
--- /dev/null
@@ -0,0 +1,69 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Content-Length: 21
+Content-Type: text/html
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Content-Length: 21\r
+Content-Type: text/html\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL on a reused connection. The second one is a POST request but it's not expected to be blocked due to a tag. (based on test 5)
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol nonewline="yes">
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+POST /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Content-Length: 35008\r
+Content-Type: application/x-www-form-urlencoded\r
+\r
+%repeat[5000 x padding]%bumfidel
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test14 b/tests/cts/client-body-tagger-https/data/test14
new file mode 100644 (file)
index 0000000..5f22e50
--- /dev/null
@@ -0,0 +1,69 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Content-Length: 21
+Content-Type: text/html
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Content-Length: 21\r
+Content-Type: text/html\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL on a reused connection. The second one is a POST request and a client-body-filter is enabled based on a tag. (based on test 6)
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/tag-bumfidel-requests/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/tag-bumfidel-requests/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol nonewline="yes">
+GET /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+POST /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Content-Length: 35007\r
+Content-Type: application/x-www-form-urlencoded\r
+\r
+%repeat[5000 x padding]%tralala
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test15 b/tests/cts/client-body-tagger-https/data/test15
new file mode 100644 (file)
index 0000000..f16f5a3
--- /dev/null
@@ -0,0 +1,69 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Content-Length: 21
+Content-Type: text/html
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Content-Length: 21\r
+Content-Type: text/html\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL. The second one is a POST request with an offending word but it's too large to buffer and tag so it gets to pass. (XXX: Privoxy could execute the tagger based on the data that fits into the buffer) (based on test 7)
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "blafasel%repeat[20000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol nonewline="yes">
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+POST /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Content-Length: 140008\r
+Content-Type: application/x-www-form-urlencoded\r
+\r
+blafasel%repeat[20000 x padding]%
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
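Review bot: The expected `200`/`200` result depends on `buffer-limit 100` in this scenario's privoxy.conf, which the `<name>` text does not mention. The 140008-byte POST passes only because it exceeds that limit. Since the test pins a case where `+block{Request body contains blafasel}` is not enforced, the name should say so, for example by appending `(relies on buffer-limit 100; body-tag based blocking is not applied above the limit)`. test7 carries the same name and would take the same addition.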
diff --git a/tests/cts/client-body-tagger-https/data/test16 b/tests/cts/client-body-tagger-https/data/test16
new file mode 100644 (file)
index 0000000..94311c4
--- /dev/null
@@ -0,0 +1,72 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Content-Length: 21
+Content-Type: text/html
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Content-Length: 21\r
+Content-Type: text/html\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL on a reused connection. The second one is a POST request with an offending word but it's chunk-encoded so it gets to pass. (based on test 8)
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -H "Transfer-Encoding: chunked" -d "blafasel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+POST /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Transfer-Encoding: chunked\r
+Content-Type: application/x-www-form-urlencoded\r
+\r
+8\r
+blafasel\r
+0\r
+\r
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
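Review bot: Unlike test15, the `<name>` here has no XXX marker, so a chunk-encoded body containing the blocked word reaching the server reads as intended behaviour rather than a known gap. If it is a limitation, mark it the same way, e.g. `(XXX: the tagger is not run on chunk-encoded bodies)`. If it is intended, a short statement of why would help anyone relying on the blafasel block rule. The same applies to test8.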
diff --git a/tests/cts/client-body-tagger-https/data/test2 b/tests/cts/client-body-tagger-https/data/test2
new file mode 100644 (file)
index 0000000..028d05f
--- /dev/null
@@ -0,0 +1,63 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Connection: close\r
+Content-Type: text/html\r
+X-Connection: swsclose\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL. The second one is large and blocked based on a tag applied with the client-body-tagger{blafasel}.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "blafasel%repeat[5000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test3 b/tests/cts/client-body-tagger-https/data/test3
new file mode 100644 (file)
index 0000000..9a1fbec
--- /dev/null
@@ -0,0 +1,63 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Connection: close\r
+Content-Type: text/html\r
+X-Connection: swsclose\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL. The second one is large and blocked based on a tag. Offending phrase at end of content.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%blafasel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test4 b/tests/cts/client-body-tagger-https/data/test4
new file mode 100644 (file)
index 0000000..96bcf20
--- /dev/null
@@ -0,0 +1,63 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Connection: close\r
+Content-Type: text/html\r
+X-Connection: swsclose\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL. The second one is large and blocked based on a tag. Offending phrase in the middle of the content.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]% blafasel tralala" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test5 b/tests/cts/client-body-tagger-https/data/test5
new file mode 100644 (file)
index 0000000..b7afdfa
--- /dev/null
@@ -0,0 +1,71 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Connection: close\r
+Content-Type: text/html\r
+X-Connection: swsclose\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL. The second one is a POST request but it's not expected to be blocked due to a tag.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol nonewline="yes">
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+POST /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Content-Length: 35008\r
+Content-Type: application/x-www-form-urlencoded\r
+\r
+%repeat[5000 x padding]%bumfidel
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test6 b/tests/cts/client-body-tagger-https/data/test6
new file mode 100644 (file)
index 0000000..76dd32d
--- /dev/null
@@ -0,0 +1,71 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Connection: close\r
+Content-Type: text/html\r
+X-Connection: swsclose\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL. The second one is a POST request and a client-body-filter is enabled based on a tag.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/tag-bumfidel-requests/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/tag-bumfidel-requests/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol nonewline="yes">
+GET /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+POST /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Content-Length: 35007\r
+Content-Type: application/x-www-form-urlencoded\r
+\r
+%repeat[5000 x padding]%tralala
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test7 b/tests/cts/client-body-tagger-https/data/test7
new file mode 100644 (file)
index 0000000..dd72ae8
--- /dev/null
@@ -0,0 +1,71 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Connection: close\r
+Content-Type: text/html\r
+X-Connection: swsclose\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL. The second one is a POST request with an offending word but it's too large to buffer and tag so it gets to pass. (XXX: Privoxy could execute the tagger based on the data that fits into the buffer)
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d "blafasel%repeat[20000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol nonewline="yes">
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+POST /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Content-Length: 140008\r
+Content-Type: application/x-www-form-urlencoded\r
+\r
+blafasel%repeat[20000 x padding]%
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test8 b/tests/cts/client-body-tagger-https/data/test8
new file mode 100644 (file)
index 0000000..3809140
--- /dev/null
@@ -0,0 +1,74 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Connection: close\r
+Content-Type: text/html\r
+X-Connection: swsclose\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL. The second one is a POST request with an offending word but it's chunk-encoded so it gets to pass.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -H "Transfer-Encoding: chunked" -d "blafasel" -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+POST /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Transfer-Encoding: chunked\r
+Content-Type: application/x-www-form-urlencoded\r
+\r
+8\r
+blafasel\r
+0\r
+\r
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/data/test9 b/tests/cts/client-body-tagger-https/data/test9
new file mode 100644 (file)
index 0000000..f829288
--- /dev/null
@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Content-Length: 21
+Content-Type: text/html
+
+Received your input.
+</data>
+</reply>
+
+<proxy-reply>
+<data>
+HTTP/1.1 200 Connection established\r
+\r
+HTTP/1.1 200 OK\r
+Content-Length: 21\r
+Content-Type: text/html\r
+\r
+Received your input.
+</data>
+</proxyreply>
+
+<client>
+<server>
+https
+</server>
+<name>
+Two requests to the same URL on a reused connection. The second one is blocked based on a tag applied with client-body-tagger{blafasel}. (based on test 1)
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER --next -d blafasel -s --write-out '%{stderr}%{response_code}\n' --insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPSPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger-https/privoxy.conf b/tests/cts/client-body-tagger-https/privoxy.conf
new file mode 100644 (file)
index 0000000..09b4f68
--- /dev/null
@@ -0,0 +1,38 @@
+listen-address 127.0.0.1:9119
+
+ca-directory          ../ca-directory
+ca-cert-file          privoxy-test-cacert.crt
+ca-key-file           privoxy-test-cakey.pem
+ca-password           blafasel
+# We don't check certificate anyway
+trusted-cas-file      privoxy-test-cacert.crt
+
+certificate-directory ../certs
+
+debug     1 # Log the destination for each request Privoxy let through. See also debug 1024.
+debug     2 # show each connection status
+debug     4 # show tagging-related messages
+debug     8 # show header parsing
+debug    32 # debug force feature
+debug    64 # debug regular expression filters
+debug   128 # debug redirects
+debug   256 # debug GIF de-animation
+debug   512 # Common Log Format
+debug  1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
+debug  4096 # Startup banner and warnings.
+debug  8192 # Non-fatal errors
+
+actionsfile ../blocked-https-requests/https-inspection.action
+actionsfile ../client-body-tagger/client-body-tagger.action
+filterfile ../client-body-tagger/client-body-tagger.filter
+filterfile ../client-body-filter/client-body-filter.filter
+
+socket-timeout 3
+
+templdir ../../../templates/
+
+# Reduce buffer limit so tests can reach it sooner.
+buffer-limit 100
+
+keep-alive-timeout 10
+default-server-timeout 10
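Review bot: The `actionsfile` and `filterfile` lines load `../client-body-tagger/client-body-tagger.action` and `../client-body-tagger/client-body-tagger.filter`, while this commit adds files with the same names under `client-body-tagger-https/`. As written, the copies added here appear to be unused by this scenario, and the HTTPS tests would follow any later change to the other scenario's files. Assuming paths resolve relative to the scenario directory, as the `../` entries suggest, either point the config at the local files (`actionsfile client-body-tagger.action`, `filterfile client-body-tagger.filter`) or drop the duplicates.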