Re: mod_lua and subprocess_env

[Andrei Ivanov <andrei.ivanov@xxxxxxxxx>]

On Thu, Feb 16, 2017 at 5:20 PM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:

On Thu, Feb 16, 2017 at 2:46 PM, Andrei Ivanov <andrei.ivanov@xxxxxxxxx> wrote:
>
> I gave it a try, but seems to reach the same limitation of the _expression_
> engine :-(
> NSSRequire %{REMOTE_ADDR} in PeerExtList('2.5.29.17')
> or
> Require expr "%{REMOTE_ADDR} in PeerExtList('2.5.29.17')"
>
> AH00526: Syntax error on line 229 of /etc/httpd/conf.d/nss.conf:
> Cannot parse _expression_ in require line: syntax error, unexpected $end

This (PeerExtList), for once, is a mod_ssl (and possibly not mod_nss?)
extension...

Hmm, indeed.

This one still doesn't work:
Require expr "%{REMOTE_ADDR} in PeerExtList('2.5.29.17')"

AH00526: Syntax error on line 145 of /etc/httpd/conf.d/ssl.conf:
Cannot parse _expression_ in require line: syntax error, unexpected $end

But this one passes the configuration check:
SSLRequire %{REMOTE_ADDR} in PeerExtList('2.5.29.17')

The problem now is that I can't get it to pass when testing it with requests :-(
[Thu Feb 16 18:12:38.928842 2017] [ssl:info] [pid 29931] [client 159.107.78.128:60511] AH02266: Access to /var/www/html/index.php denied for 159.107.78.128 (requirement _expression_ not fulfilled)
[Thu Feb 16 18:12:38.928961 2017] [ssl:info] [pid 29931] [client 159.107.78.128:60511] AH02228: Failed _expression_: %{REMOTE_ADDR} in PeerExtList('2.5.29.17')
[Thu Feb 16 18:12:38.928972 2017] [ssl:error] [pid 29931] [client 159.107.78.128:60511] AH02229: access to /var/www/html/index.php failed, reason: SSL requirement _expression_ not fulfilled

The client certificate gets validated, but the _expression_ fails.

Is there a way to debug this? To print the values from the _expression_ in the logs maybe?

 

Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx