filtering by IP SAN entries in the client certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
I have a requirement to check incoming requests, something that would be succinctly expressed this way:

<Location />
    Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
</Location>

This would check that the request IP address is among the IP addresses in the client certificate.

Unfortunately, this doesn't work:
1. SSL_CLIENT_SAN_IPaddr is not exposed by mod_ssl, but I've switched to mod_nss, which exports it
2. The _expression_ evaluation engine doesn't know how to evaluate this kind of _expression_
3. I've tried using mod_lua for the _expression_, but it can't access this kind of environment variables (and the SSL specific only if exposed by mod_ssl, not other modules, like mod_nss)

I have ran out of ideas on what to try.

Please help.

Thank you.
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux