On Fri, Mar 10, 2017 at 12:35 PM, Andrei Ivanov <andrei.ivanov@xxxxxxxxx> wrote:On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov <andrei.ivanov@xxxxxxxxx> wrote:On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:Hi Andrei,On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov <andrei.ivanov@xxxxxxxxx> wrote:On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov <andrei.ivanov@xxxxxxxxx> wrote:On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov <andrei.ivanov@xxxxxxxxx> wrote:On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov <andrei.ivanov@xxxxxxxxx> wrote:On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov <andrei.ivanov@xxxxxxxxx> wrote:On Feb 24, 2017 22:54, "Yann Ylavic" <ylavic.dev@xxxxxxxxx> wrote:On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov <andrei.ivanov@xxxxxxxxx> wrote:Could you please add:
>
> I've managed to apply your patch and rebuild Apache and now I have:
> Header set Client-IP "expr=%{REMOTE_ADDR}"
> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in PeerExtList('2.5.29.17')"
?
If it outputed "Expr: IP Addressfalse" that'd be issue with operators'
precedence.
I'll try on my side, but you may beat me to it since you have the environment...Ugh, it's my work environment, I'll be able to access it only on Monday.Tried now, I've adapted your suggestion a bit as it doesn't seem correct:
Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in %{PeerExtList:2.5.29.17}"This results in:
Expr: 'IP Address:'.159.107.78.127 -in email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 As far as I understand, it doesn't perform the concatenation properly.I've tried
Header set Expr "expr='%{IP Address:'.%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"But I get a parse error at startup:
Can't parse value _expression_ : syntax error, unexpected T_ERROR, expecting T_VAR_END or ':': Invalid character in variable name ' 'But I think mod_headers has some different way of interpreting expressions, because this doesn't work:
Header set matched false
<If "'IP Address:'.%{REMOTE_ADDR} -in%{PeerExtList:2.5.29.17}">
Header set matched true
</If>
Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN, expecting T_ID or '{Yann? Any clues? :-)Ping 😐Hello?Yes sorry, was busy these days ;)I understand, who isn't? :-)Mixing different types (string, boolean, list) of expressions is not working currently, and requires changes in the parser (I'll try to work on this soon).In the meantime, maybe with my patch you could try to (uglily) match "%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=") against something like "IP Address:".%{REMOTE_ADDR}(,|$) ?I've experimented a bit more with your suggestion, still doesn't work :-(
Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in %{PeerExtList:2.5.29.17}"
Header set Expr2 "expr=%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/"
Header set Expr3 "expr=%{PeerExtList:2.5.29.17} =~ /159.107.78.131/"
Expr1: 'IP Address:'.159.107.78.131 -in email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
Expr2: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
Expr3: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/ So for mod_headers the _expression_ isn't fully evaluated...
Header set matched-dynamic false
<If "%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/">
Header set matched-dynamic true
</If>
Header set matched-static false
<If "%{PeerExtList:2.5.29.17} =~ /159.107.78.131/">
Header set matched-static true
</If>
matched-dynamic: false
matched-static: trueThe match against a dynamic _expression_ fails.
Require expr "PeerExtList('2.5.29.17') =~ /'IP Address:'.%{REMOTE_ADDR}(,|$)/"
Require expr "PeerExtList('2.5.29.17') =~ /'IP Address:159.107.78.131'(,|$)/"These both fail :-(Thank you for your patience.Hello?😕Yann? I'm getting squeezed here, please help 😩