Hi,
I'm trying to validate incoming requests by comparing the request IP to the
IP addresses provided in the client certificate subjectAltName.
Searching around, I found
http://wiki.cacert.org/ApacheServerClientCertificateAuthentication, which
gives an example using the email address:
SSLRequire
Anybody? :-/
On Thu, Dec 15, 2016 at 12:46 PM, Andrei Ivanov
wrote:
> Hi,
> I'm trying to validate incoming requests by comparing the request IP to
> the IP addresses provided in the client certificate subjectAltName.
>
> Searching around, I found ht
verify
> SSL_CLIENT_S_DN_OU as well as SSL_CLIENT_S_DN_O.
> --
>
> With Best Regards,
> Marat Khalili
>
> On 15/12/16 13:46, Andrei Ivanov wrote:
>
> Hi,
> I'm trying to validate incoming requests by comparing the request IP to
> the IP addresses provided in
omething like this:
>
> Require expr "%{SSL_CLIENT_SAN_DNS_1} == %{REMOTE_ADDR}"
>
>
> --
>
> With Best Regards,
> Marat Khalili
>
> On 19/12/16 18:48, Andrei Ivanov wrote:
>
> Hi,
> Yes, I did notice the suggestion of using Require expr, the p
I think the nicest way would be like mod_ssl does with PeerExtList:
Example
SSLRequire "foobar" in PeerExtList("1.2.3.4.5.6")
So at least it's nice to know Apache Httpd already does this in some cases.
I guess I'll update my ticket, or maybe create a new one for all
the subjectAltName variables.
Hi,
I'm trying to create a lua authorization script but I can't seem to access
the request environment:
require 'apache2'
function authz_check_remote_ip_in_client_san(r)
r:err("remote_ip_in_client_san running...");
r:alert("uri: " .. r.uri);
r:alert("useragent_ip: " .. r.u
On Tue, Feb 14, 2017 at 1:59 PM, Daniel Gruno wrote:
> On 02/14/2017 12:38 PM, Andrei Ivanov wrote:
> > Hi,
> > I'm trying to create a lua authorization script but I can't seem to
> > access the request environment:
> >
> > require 'apache2'
&
On Tue, Feb 14, 2017 at 2:19 PM, Daniel Gruno wrote:
> On 02/14/2017 01:16 PM, Andrei Ivanov wrote:
> > On Tue, Feb 14, 2017 at 1:59 PM, Daniel Gruno > <mailto:humbed...@apache.org>> wrote:
> >
> > On 02/14/2017 12:38 PM, Andrei Ivanov wrote:
> >
Hi,
I have a requirement to check incoming requests, something that would
be succinctly
expressed this way:
Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
This would check that the request IP address is among the IP addresses in
the client certificate.
Unfortunately, this doesn'
On Wed, Feb 15, 2017 at 12:46 PM, Daniel Gruno wrote:
> On 02/15/2017 11:31 AM, Andrei Ivanov wrote:
> > Hi,
> > I have a requirement to check incoming requests, something that would be
> > succinctly expressed this way:
> >
> >
> > Require expr &qu
On Thu, Feb 16, 2017 at 2:49 PM, Yann Ylavic wrote:
> On Tue, Feb 14, 2017 at 1:24 PM, Andrei Ivanov
> wrote:
> >
> > I'm using mod_nss exactly because mod_ssl doesn't expose that variable
> and
> > my issue that requests that is sitting ignored for 2 mon
On Thu, Feb 16, 2017 at 5:20 PM, Yann Ylavic wrote:
> On Thu, Feb 16, 2017 at 2:46 PM, Andrei Ivanov
> wrote:
> >
> > I gave it a try, but seems to reach the same limitation of the expression
> > engine :-(
> > NSSRequire %{REMOTE_ADDR} in PeerExtList('
On Thu, Feb 16, 2017 at 9:26 PM, Eric Covener wrote:
> On Thu, Feb 16, 2017 at 11:16 AM, Andrei Ivanov
> wrote:
> > Is there a way to debug this? To print the values from the expression in
> the
> > logs maybe?
>
> One simple way to debug is to use the same [sub-]e
On Thu, Feb 16, 2017 at 11:38 AM, Andrei Ivanov
wrote:
> On Wed, Feb 15, 2017 at 12:46 PM, Daniel Gruno
> wrote:
>
>> On 02/15/2017 11:31 AM, Andrei Ivanov wrote:
>> > Hi,
>> > I have a requirement to check incoming requests, something that would be
&
On Fri, Feb 17, 2017 at 12:18 PM, Andrei Ivanov
wrote:
>
> On Thu, Feb 16, 2017 at 9:26 PM, Eric Covener wrote:
>
>> On Thu, Feb 16, 2017 at 11:16 AM, Andrei Ivanov
>> wrote:
>> > Is there a way to debug this? To print the values from the expression
>> in t
On Mon, Feb 20, 2017 at 11:31 AM, Andrei Ivanov
wrote:
> On Fri, Feb 17, 2017 at 12:18 PM, Andrei Ivanov
> wrote:
>
>>
>> On Thu, Feb 16, 2017 at 9:26 PM, Eric Covener wrote:
>>
>>> On Thu, Feb 16, 2017 at 11:16 AM, Andrei Ivanov
>>> wrote:
>
On Tue, Feb 21, 2017 at 6:32 PM, Yann Ylavic wrote:
> On Tue, Feb 21, 2017 at 4:50 PM, Andrei Ivanov
> wrote:
> >>>
> >>> Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
>
> The syntax may be rather:
>
> Header set Client-SAN
On Tue, Feb 21, 2017 at 6:43 PM, Andrei Ivanov
wrote:
> On Tue, Feb 21, 2017 at 6:32 PM, Yann Ylavic wrote:
>
>> On Tue, Feb 21, 2017 at 4:50 PM, Andrei Ivanov
>> wrote:
>> >>>
>> >>> Header set Client-SAN "%{PeerExtList('2.5.29.17&#x
On Wed, Feb 22, 2017 at 2:13 AM, Yann Ylavic wrote:
> On Wed, Feb 22, 2017 at 1:09 AM, Yann Ylavic wrote:
> > On Tue, Feb 21, 2017 at 5:43 PM, Andrei Ivanov
> wrote:
> >> On Tue, Feb 21, 2017 at 6:32 PM, Yann Ylavic
> wrote:
> >>>
> >>>
On Wed, Feb 22, 2017 at 12:02 PM, Yann Ylavic wrote:
> On Wed, Feb 22, 2017 at 10:58 AM, Andrei Ivanov
> wrote:
> >
> > So... do I have a chance to get it running on RHEL 7.3 which ships with
> > 2.4.6?
>
> That may work in 2.4.6, I just didn't try ;)
> &q
On Wed, Feb 22, 2017 at 3:36 PM, Yann Ylavic wrote:
> On Wed, Feb 22, 2017 at 11:19 AM, Andrei Ivanov
> wrote:
> > On Wed, Feb 22, 2017 at 12:02 PM, Yann Ylavic
> wrote:
> >>
> >> On Wed, Feb 22, 2017 at 10:58 AM, Andrei Ivanov <
> andrei.iva...@gmail.co
On Wed, Feb 22, 2017 at 5:10 PM, Yann Ylavic wrote:
> On Wed, Feb 22, 2017 at 3:19 PM, Andrei Ivanov
> wrote:
> > On Wed, Feb 22, 2017 at 3:36 PM, Yann Ylavic
> wrote:
> >>
> >> My bad, please try without the parentheses:
> >>
> >>
On Feb 24, 2017 22:54, "Yann Ylavic" wrote:
On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov
wrote:
>
> I've managed to apply your patch and rebuild Apache and now I have:
> Header set Client-IP "expr=%{REMOTE_ADDR}"
> Header set Client-SAN "expr=%{Peer
On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov
wrote:
> On Feb 24, 2017 22:54, "Yann Ylavic" wrote:
>
> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov
> wrote:
> >
> > I've managed to apply your patch and rebuild Apache and now I have:
> > Header s
On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov
wrote:
> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov
> wrote:
>
>> On Feb 24, 2017 22:54, "Yann Ylavic" wrote:
>>
>> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov
>> wrote:
>> >
>>
On Tue, Feb 28, 2017 at 2:02 PM, Eric Covener wrote:
> On Mon, Feb 27, 2017 at 4:58 AM, Andrei Ivanov
> wrote:
> > But I think mod_headers has some different way of interpreting
> expressions,
> > because this doesn't work:
>
> The grammar has different star
On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov
wrote:
> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov
> wrote:
>
>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov
>> wrote:
>>
>>> On Feb 24, 2017 22:54, "Yann Ylavic" wrote:
>>>
>&g
On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov
wrote:
> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov
> wrote:
>
>> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov
>> wrote:
>>
>>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov >> > wrote:
On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic wrote:
> Hi Andrei,
>
> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov
> wrote:
>
>> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov
>> wrote:
>>
>>> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov >>
On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov
wrote:
> On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic wrote:
>
>> Hi Andrei,
>>
>> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov
>> wrote:
>>
>>> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov
>>
On Fri, Mar 10, 2017 at 12:35 PM, Andrei Ivanov
wrote:
> On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov
> wrote:
>
>> On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic
>> wrote:
>>
>>> Hi Andrei,
>>>
>>> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Iv
On Mon, Mar 13, 2017 at 4:16 PM, Andrei Ivanov
wrote:
> On Fri, Mar 10, 2017 at 12:35 PM, Andrei Ivanov
> wrote:
>
>> On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov
>> wrote:
>>
>>> On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic
>>> wrote:
>>&g
On Wed, Mar 22, 2017 at 3:27 PM, Yann Ylavic wrote:
> On Wed, Mar 22, 2017 at 1:37 PM, Yann Ylavic wrote:
> >
> > There are two patches attached, one for the changes in httpd code, the
> > other for the files generated by the bison/flex parser.
>
> The second patch was missing the changes in ser
On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov
wrote:
> On Wed, Mar 22, 2017 at 3:27 PM, Yann Ylavic wrote:
>
>> On Wed, Mar 22, 2017 at 1:37 PM, Yann Ylavic
>> wrote:
>> >
>> > There are two patches attached, one for the changes in httpd code, the
>&
On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic wrote:
> On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov
> wrote:
> > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov
> > wrote:
> >
> > Argh! You've sent more emails but Gmail received them out of order so I
>
On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov
wrote:
> On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic wrote:
>
>> On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov
>> wrote:
>> > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov > >
>> > wrote:
>>
On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov
wrote:
> On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov
> wrote:
>
>> On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic
>> wrote:
>>
>>> On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov
>>> wrote:
>>
On Tue, Apr 4, 2017 at 4:25 PM, Andrei Ivanov
wrote:
> On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov
> wrote:
>
>> On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov
>> wrote:
>>
>>> On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic
>>> wrote:
>>&g
On Apr 10, 2017 12:10 PM, "Andrei Ivanov" wrote:
On Tue, Apr 4, 2017 at 4:25 PM, Andrei Ivanov
wrote:
> On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov
> wrote:
>
>> On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov
>> wrote:
>>
>>> On Wed, M
Yann? 😓
On Wed, Apr 19, 2017 at 11:49 AM, Andrei Ivanov
wrote:
> On Apr 10, 2017 12:10 PM, "Andrei Ivanov" wrote:
>
> On Tue, Apr 4, 2017 at 4:25 PM, Andrei Ivanov
> wrote:
>
>> On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov
>> wrote:
>>
>>
Does anybody know anything about Yann? 🤔
On Thu, Apr 27, 2017 at 3:47 PM, Andrei Ivanov
wrote:
> Yann? 😓
>
>
> On Wed, Apr 19, 2017 at 11:49 AM, Andrei Ivanov
> wrote:
>
>> On Apr 10, 2017 12:10 PM, "Andrei Ivanov"
>> wrote:
>>
>> On
On Sun, May 28, 2017 at 11:54 PM, Yann Ylavic wrote:
> Hi Andrei,
>
> On Wed, May 24, 2017 at 5:50 PM, Andrei Ivanov
> wrote:
> >
> > Does anybody know anything about Yann?
>
> I do :)
>
> Sorry I didn't have the time to propose something to the dev te
Hi,
Now that I've managed to configure my 'require' directive, I have a
requirement to log some details to syslog in case the request is not
authorized.
Require expr ""
// if expression is false, log details about the request and maybe
the SSL certificate to syslog
I've searched aro
Anybody? Can this be done in some way?
On Fri, Jun 16, 2017 at 4:23 PM, Andrei Ivanov
wrote:
> Hi,
> Now that I've managed to configure my 'require' directive, I have a
> requirement to log some details to syslog in case the request is not
> authorized
Hi,
Seeing that 2.4.26 was released, is this a good time? 😀
Thanks again.
On Sun, May 28, 2017 at 11:54 PM, Yann Ylavic wrote:
> Hi Andrei,
>
> On Wed, May 24, 2017 at 5:50 PM, Andrei Ivanov
> wrote:
> >
> > Does anybody know anything about Yann?
>
> I do :)
&g
;dr=on&is=1&token=48034&pp=13&rc=6>
> **
>
> On 20 June 2017 at 17:41:22, Andrei Ivanov (andrei.iva...@gmail.com)
> wrote:
>
>> Hi,
>> Seeing that 2.4.26 was released, is this a good time? 😀
>>
>&
On Wed, Jun 21, 2017 at 6:24 PM, Luca Toscano
wrote:
> Hi Andrei,
>
> 2017-06-16 15:23 GMT+02:00 Andrei Ivanov :
>
>> Hi,
>> Now that I've managed to configure my 'require' directive, I have a
>> requirement to log some details to sy
Yann? Is it a good time now? 🙂
On Tue, Jun 20, 2017 at 6:41 PM, Andrei Ivanov
wrote:
> Hi,
> Seeing that 2.4.26 was released, is this a good time? 😀
>
> Thanks again.
>
> On Sun, May 28, 2017 at 11:54 PM, Yann Ylavic
> wrote:
>
>> Hi Andrei,
>>
>&g
This is great news, thank you very much.
So far I am monitoring the list archives through
http://mail-archives.apache.org/mod_mbox/httpd-dev/201707.mbox/browser :)
On Sat, Jul 15, 2017 at 1:01 AM, Yann Ylavic wrote:
> Hi Andrei,
>
> On Thu, Jul 13, 2017 at 3:21 PM, Andrei Ivanov
Hmm, if nobody comments on your proposal does it mean you get an implicit
commit acceptance after 1 month? 😀
On Sat, Jul 15, 2017 at 7:35 PM, Andrei Ivanov
wrote:
> This is great news, thank you very much.
>
> So far I am monitoring the list archives through http://mail-archives.
>
Yann?
What's the next step? Your message didn't seem to draw attention from
others and it's been almost 2 months 😞
On Mon, Aug 7, 2017 at 3:30 PM, Andrei Ivanov
wrote:
> Hmm, if nobody comments on your proposal does it mean you get an implicit
> commit acceptance after 1
Yann? Are you there? 😕
On Sun, Sep 10, 2017 at 1:46 PM, Andrei Ivanov
wrote:
> Yann?
> What's the next step? Your message didn't seem to draw attention from
> others and it's been almost 2 months 😞
>
> On Mon, Aug 7, 2017 at 3:30 PM, Andrei Ivanov
> wrote
Ok, I understand.
Thank you very much 🙂
On Sun, Sep 17, 2017 at 7:14 PM, Yann Ylavic wrote:
> On Sun, Sep 10, 2017 at 12:46 PM, Andrei Ivanov
> wrote:
> > Yann?
> > What's the next step? Your message didn't seem to draw attention from
> others
> > and
Woohoo!
Thank you ☺
On Tue, Oct 3, 2017 at 1:44 AM, Yann Ylavic wrote:
> Hi Andrei,
>
> Committed to trunk (http://svn.apache.org/r1810605), should have a better
> visibility (and review) now.
>
> Regards,
> Yann.
>
>
> On Sun, Sep 17, 2017 at 8:18 PM, Andr
Hi Yann,
Any news on the reviews?
On Tue, Oct 3, 2017 at 9:58 AM, Andrei Ivanov
wrote:
> Woohoo!
>
> Thank you ☺
>
> On Tue, Oct 3, 2017 at 1:44 AM, Yann Ylavic wrote:
>
>> Hi Andrei,
>>
>> Committed to trunk (http://svn.apache.org/r1810605), should have a
&
Yann? Are you there? 😞
On Mon, Dec 4, 2017 at 3:43 PM, Andrei Ivanov
wrote:
> Hi Yann,
> Any news on the reviews?
>
> On Tue, Oct 3, 2017 at 9:58 AM, Andrei Ivanov
> wrote:
>
>> Woohoo!
>>
>> Thank you ☺
>>
>> On Tue, Oct 3, 2017
Hello? Yann?
On Thu, Dec 21, 2017 at 5:39 PM, Andrei Ivanov
wrote:
> Yann? Are you there? 😞
>
> On Mon, Dec 4, 2017 at 3:43 PM, Andrei Ivanov
> wrote:
>
>> Hi Yann,
>> Any news on the reviews?
>>
>> On Tue, Oct 3, 2017 at 9:58 AM, Andrei Ivanov
>&
Yann?
Any chance to get this reviewed after the 2.4.32 release?
On Tue, Jan 2, 2018 at 7:08 PM, Andrei Ivanov
wrote:
> Hello? Yann?
>
> On Thu, Dec 21, 2017 at 5:39 PM, Andrei Ivanov
> wrote:
>
>> Yann? Are you there? 😞
>>
>> On Mon, Dec 4, 2017 at 3:43 PM, A
58 matches
Mail list logo
