2 files changed, 17 insertions, 0 deletions

diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 0b81a0047..7d15e6d44 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -119,6 +119,10 @@ RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301]
 RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302]
 RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301]
 RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
+RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302]
+
+RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302]
+RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302]
 
 <IfDefine SSL>
 LoadModule ssl_module modules/mod_ssl.so
diff --git a/t/t5812-proto-disable-http.sh b/t/t5812-proto-disable-http.sh
index dd5001cba..0d105d541 100755
--- a/t/t5812-proto-disable-http.sh
+++ b/t/t5812-proto-disable-http.sh
@@ -16,5 +16,18 @@ test_expect_success 'create git-accessible repo' '
 
 test_proto "smart http" http "$HTTPD_URL/smart/repo.git"
 
+test_expect_success 'curl redirects respect whitelist' '
+	test_must_fail env GIT_ALLOW_PROTOCOL=http:https \
+		git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr &&
+	{
+		test_i18ngrep "ftp.*disabled" stderr ||
+		test_i18ngrep "your curl version is too old"
+	}
+'
+
+test_expect_success 'curl limits redirects' '
+	test_must_fail git clone "$HTTPD_URL/loop-redir/smart/repo.git"
+'
+
 stop_httpd
 test_done