# # Server-side <reply> <data> HTTP/1.1 302 OK swsclose Location: ../../../../../../../510002 Date: Thu, 09 Nov 2010 14:50:00 GMT Connection: close </data> <data2> HTTP/1.1 200 OK swsclose Location: this should be ignored Date: Thu, 09 Nov 2010 14:50:00 GMT Connection: close body </data2> <datacheck> HTTP/1.1 302 OK swsclose Location: ../../../../../../../510002 Date: Thu, 09 Nov 2010 14:50:00 GMT Connection: close HTTP/1.1 200 OK swsclose Location: this should be ignored Date: Thu, 09 Nov 2010 14:50:00 GMT Connection: close body </datacheck> </reply> # # Client-side <client> <server> http </server> <name> HTTP follow redirect with exessive ../ </name> <command> http://%HOSTIP:%HOSTPORT/we/are/all/twits/51 -L </command> </client> # # Verify data after the test has been "shot" <verify> <strip> ^User-Agent:.* </strip> <protocol> GET /we/are/all/twits/51 HTTP/1.1 Host: 127.0.0.1:8999 Pragma: no-cache Accept: */* GET /510002 HTTP/1.1 User-Agent: curl/7.10 (i686-pc-linux-gnu) libcurl/7.10 OpenSSL/0.9.6c ipv6 zlib/1.1.3 Host: 127.0.0.1:8999 Pragma: no-cache Accept: */* </protocol> </verify>