On Fri, Mar 10, 2017 at 12:35 PM, Andrei Ivanov <andrei.iva...@gmail.com> wrote:
> On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov <andrei.iva...@gmail.com> wrote:
>
>> On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
>>
>>> Hi Andrei,
>>>
>>> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov <andrei.iva...@gmail.com> wrote:
>>>
>>>> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov <andrei.iva...@gmail.com> wrote:
>>>>
>>>>> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov <andrei.iva...@gmail.com> wrote:
>>>>>
>>>>>> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov <andrei.iva...@gmail.com> wrote:
>>>>>>
>>>>>>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov <andrei.iva...@gmail.com> wrote:
>>>>>>>
>>>>>>>> On Feb 24, 2017 22:54, "Yann Ylavic" <ylavic....@gmail.com> wrote:
>>>>>>>>
>>>>>>>> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov <andrei.iva...@gmail.com> wrote:
>>>>>>>> >
>>>>>>>> > I've managed to apply your patch and rebuild Apache and now I have:
>>>>>>>> > Header set Client-IP "expr=%{REMOTE_ADDR}"
>>>>>>>> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>>>>>>>> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>>>>>>>>
>>>>>>>> Could you please add:
>>>>>>>> Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in PeerExtList('2.5.29.17')"
>>>>>>>> ?
>>>>>>>>
>>>>>>>> If it outputted "Expr: IP Addressfalse" that'd be issue with operators'
>>>>>>>> precedence.
>>>>>>>> I'll try on my side, but you may beat me to it since you have the
>>>>>>>> environment...
>>>>>>>>
>>>>>>>>
>>>>>>>> Ugh, it's my work environment, I'll be able to access it only on
>>>>>>>> Monday.
>>>>>>>>
>>>>>>>
>>>>>>> Tried now, I've adapted your suggestion a bit as it doesn't seem
>>>>>>> correct:
>>>>>>>
>>>>>>> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in %{PeerExtList:2.5.29.17}"
>>>>>>>
>>>>>>> This results in:
>>>>>>> Expr: 'IP Address:'.159.107.78.127 -in email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>>>>>>>
>>>>>>> As far as I understand, it doesn't perform the concatenation
>>>>>>> properly.
>>>>>>> I've tried
>>>>>>> Header set Expr "expr='%{IP Address:'.%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"
>>>>>>>
>>>>>>> But I get a parse error at startup:
>>>>>>> Can't parse value expression : syntax error, unexpected T_ERROR, expecting T_VAR_END or ':': Invalid character in variable name ' '
>>>>>>>
>>>>>>> But I think mod_headers has some different way of interpreting
>>>>>>> expressions, because this doesn't work:
>>>>>>>
>>>>>>> Header set matched false
>>>>>>> <If "'IP Address:'.%{REMOTE_ADDR} -in %{PeerExtList:2.5.29.17}">
>>>>>>> Header set matched true
>>>>>>> </If>
>>>>>>>
>>>>>>> Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN, expecting T_ID or '{
>>>>>>>
>>>>>>
>>>>>> Yann? Any clues? :-)
>>>>>>
>>>>>
>>>>> Ping
>>>>>
>>>>
>>>> Hello?
>>>>
>>>
>>> Yes sorry, was busy these days ;)
>>>
>>
>> I understand, who isn't? :-)
>>
>>> Mixing different types (string, boolean, list) of expressions is not
>>> working currently, and requires changes in the parser (I'll try to work on
>>> this soon).
>>>
>>> In the meantime, maybe with my patch you could try to (uglily) match
>>> "%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=")
>>> against something like "IP Address:".%{REMOTE_ADDR}(,|$) ?
>>>
>>
>> I've experimented a bit more with your suggestion, still doesn't work :-(
>>
>> Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in %{PeerExtList:2.5.29.17}"
>> Header set Expr2 "expr=%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/"
>> Header set Expr3 "expr=%{PeerExtList:2.5.29.17} =~ /159.107.78.131/"
>>
>> Expr1: 'IP Address:'.159.107.78.131 -in email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>> Expr2: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
>> Expr3: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
>>
>> So for mod_headers the expression isn't fully evaluated...
>>
>> Header set matched-dynamic false
>> <If "%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/">
>> Header set matched-dynamic true
>> </If>
>> Header set matched-static false
>> <If "%{PeerExtList:2.5.29.17} =~ /159.107.78.131/">
>> Header set matched-static true
>> </If>
>>
>> matched-dynamic: false
>> matched-static: true
>>
>> The match against a dynamic expression fails.
>>
>> Require expr "PeerExtList('2.5.29.17') =~ /'IP Address:'.%{REMOTE_ADDR}(,|$)/"
>> Require expr "PeerExtList('2.5.29.17') =~ /'IP Address:159.107.78.131'(,|$)/"
>>
>> These both fail :-(
>>
>> Thank you for your patience.
>>
>
> Hello?
>

Yann? I'm getting squeezed here, please help
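
An added example, not part of the thread and run outside Apache's expression parser: the check the thread is trying to express (is the client address one of the certificate's subjectAltName `IP Address:` entries?) done as an exact, normalized comparison, next to the unanchored pattern match used in the `Expr2`/`Expr3` tests. The function names and the sample SAN string (in the format of the `PeerExtList:2.5.29.17` output quoted above) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the same layout as the PeerExtList output in the thread.
SAN = ("email:a@example.test, email:b@example.test, IP Address:127.0.0.1, "
       "IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, "
       "IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44")


def san_ips(san_text):
    """Return the set of parsed addresses from 'IP Address:' SAN entries."""
    ips = set()
    for entry in san_text.split(","):
        # Split at the first colon only: IPv6 values contain colons themselves.
        kind, _, value = entry.strip().partition(":")
        if kind != "IP Address":
            continue  # skip email:, DNS:, URI: entries
        try:
            ips.add(ipaddress.ip_address(value.strip()))
        except ValueError:
            continue  # malformed entry: never treat it as a match
    return ips


def client_in_san(remote_addr, san_text):
    """Exact membership test on parsed addresses (fails closed on bad input)."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return addr in san_ips(san_text)


def naive_regex_match(remote_addr, san_text):
    """Unanchored pattern match, as in the thread's =~ /<address>/ tests."""
    return re.search(remote_addr, san_text) is not None


if __name__ == "__main__":
    for ip in ("159.107.78.131", "159.107.78.13", "27.0.0.1", "::1"):
        print(ip, client_in_san(ip, SAN), naive_regex_match(ip, SAN))
```

The unanchored match accepts `159.107.78.13` and `27.0.0.1` because they are substrings of listed entries, and it misses `::1` because the certificate spells the same address as `0:0:0:0:0:0:0:1`; this is why the suggested pattern carries the `IP Address:` prefix and the `(,|$)` terminator.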