On 02/14/2017 12:38 PM, Andrei Ivanov wrote:
> Hi,
> I'm trying to create a lua authorization script but I can't seem to
> access the request environment:
>
> require 'apache2'
>
> function authz_check_remote_ip_in_client_san(r)
> r:err("remote_ip_in_client_san running...");
> r:alert("uri: " .. r.uri);
> r:alert("useragent_ip: " .. r.useragent_ip);
> local ip = r.subprocess_env["REMOTE_ADDRESS"];
> r:crit("REMOTE_ADDRESS: " .. (ip or "N/A"));
> r:emerg("SSL_CLIENT_SAN_IPaddr: " ..
> (r.subprocess_env["SSL_CLIENT_SAN_IPaddr"] or "N/A"));
use r:ssl_var_lookup("SSL_CLIENT_SAN_IPaddr") instead.
r:ssl_var_lookup does the special SSL vars.
With regards,
Daniel.
>
> return apache2.AUTHZ_GRANTED
> end
>
> The logs show entries like this for the values accessed from
> r.subprocess_env:
> REMOTE_ADDRESS: N/A
> SSL_CLIENT_SAN_IPaddr: N/A
>
>
> LuaScope thread
> LuaAuthzProvider remote_ip_in_client_san
> /etc/httpd/authz/authz_check_remote_ip_in_client_san.lua
> authz_check_remote_ip_in_client_san
> <Location />
> Require remote_ip_in_client_san
>
> # these don't seem to work so I'm trying to implement them in a LUA
> script
> #NSSRequire %{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}
> #Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
> </Location>
>
> What am I doing wrong?
>
> Thank you in advance.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|