2017-02-24 23:27 GMT+01:00 Luca Toscano <toscano.l...@gmail.com>: > Hi everybody, > > the following users@ question is interesting in my opinion: > > 2017-02-20 18:17 GMT+01:00 Mike Schlottman <mschl...@spe.org>: > >> >> The problem comes when I combine these 2 so that all users except those >> coming from 127.*.*.* or 192.168.*.* see the nice error page. >> >> <If "! %{HTTP:X-Real-IP} -ipmatch '127.0.0.0/8' "> >> >> <If "! %{HTTP:X-Real-IP} -ipmatch '192.168.0.0/16' "> >> >> ErrorDocument 404 /errors/404 >> >> </If> >> >> </If> >> >> The user from 172.28.1.84 does not get the nice 404 page, but the default >> 404 page. The IP does not match either of the ranges as observed when >> using the ranges individually, but when combined in this way it does not >> work as expected. >> >> >> >> Any ideas why this is? >> >> >> > > He ended up using a single if with an expression composed by the two > conditions in && to solve the problem, but I started to wonder why this > configuration does not work. I tested the "nested ifs" config with trace8 > logging and it seem that only the outermost <If> expression gets evaluated. > > Is there a specific reason why this happens? I'd expect two possible > outcomes from this configuration, namely either a syntax error while > parsing the config (preferred imho) or a context merge, but not a no-op. > > Any pointers/suggestions about where to look? > > I tried to investigate a bit the problem to write a good explanation in the docs (and also to better understand the httpd internals for fun) but I am still far from a satisfactory result.
I tried the following config (inside other containers like Location too): <If "true"> ErrorDocument 503 "This is a custom 503 inside the outer IF!" <If "true"> ErrorDocument 503 "This is a custom 503 inside the inner IF!" </If> </If> Each time that 503 is generated, I get the "outer IF" 503 response, never the inner one. With gdb it is easy to see that when ap_if_walk is executed, dconf->sec_if->nelts is 1, so only one of the Ifs is evaluated. So I checked how the if sections are parsed and built with ap_process_config_tree->ap_walk_config->ap_walk_config_sub->invoke_cmd->ifsection and eventually ap_add_if, but I only got that the parent/child relationship is set up correctly. My only goal is to figure out if nested Ifs are not evaluated on purpose and if so why they are allowed by the syntax checker. Eventually it would be really great to update the docs (regular user docs and also https://httpd.apache.org/docs/trunk/developer/request.html). Any hints would really be appreciated :) Thanks in advance! Luca