On Tue, Feb 14, 2017 at 2:19 PM, Daniel Gruno <humbed...@apache.org> wrote:
> On 02/14/2017 01:16 PM, Andrei Ivanov wrote: > > On Tue, Feb 14, 2017 at 1:59 PM, Daniel Gruno <humbed...@apache.org > > <mailto:humbed...@apache.org>> wrote: > > > > On 02/14/2017 12:38 PM, Andrei Ivanov wrote: > > > Hi, > > > I'm trying to create a lua authorization script but I can't seem to > > > access the request environment: > > > > > > require 'apache2' > > > > > > function authz_check_remote_ip_in_client_san(r) > > > r:err("remote_ip_in_client_san running..."); > > > r:alert("uri: " .. r.uri); > > > r:alert("useragent_ip: " .. r.useragent_ip); > > > local ip = r.subprocess_env["REMOTE_ADDRESS"]; > > > r:crit("REMOTE_ADDRESS: " .. (ip or "N/A")); > > > r:emerg("SSL_CLIENT_SAN_IPaddr: " .. > > > (r.subprocess_env["SSL_CLIENT_SAN_IPaddr"] or "N/A")); > > > > > > What about r.subprocess_env["REMOTE_ADDRESS"]? Shouldn't that work at > least? > > Not exactly, this isn't CGI - the remote IP is exposed through > r.useragent_ip. Getting environment variables is tricky since the Lua VM > is sort of detached from the actual thread handling the request. > I was using the REMOTE_ADDRESS since it was used as an example in a post :-) http://lua-users.org/lists/lua-l/2010-07/msg00671.html Is subprocess_env working at all? > > > > > > use r:ssl_var_lookup("SSL_CLIENT_SAN_IPaddr") instead. > > r:ssl_var_lookup does the special SSL vars. > > > > > > I don't get a nil now anymore, but I seem to get back an empty string :-( > > SSL_CLIENT_SAN_IPaddr should be exposed by mod_nss, activated in this > > virtual host. > > If it's not exposed by mod_ssl, then it may not be available through > that call. You should try finding the corresponding mod_ssl variable if > possible. > > I'm using mod_nss exactly because mod_ssl doesn't expose that variable and my issue that requests that is sitting ignored for 2 months now :-( I was hoping this would help: <Files ~ "\.(cgi|shtml|phtml|php3|lua?)$"> NSSOptions +StdEnvVars </Files> > > > > > > > > With regards, > > Daniel. > > > > > > > > return apache2.AUTHZ_GRANTED > > > end > > > > > > The logs show entries like this for the values accessed from > > > r.subprocess_env: > > > REMOTE_ADDRESS: N/A > > > SSL_CLIENT_SAN_IPaddr: N/A > > > > > > > > > LuaScope thread > > > LuaAuthzProvider remote_ip_in_client_san > > > /etc/httpd/authz/authz_check_remote_ip_in_client_san.lua > > > authz_check_remote_ip_in_client_san > > > <Location /> > > > Require remote_ip_in_client_san > > > > > > # these don't seem to work so I'm trying to implement them in > a LUA > > > script > > > #NSSRequire %{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr} > > > #Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}" > > > </Location> > > > > > > What am I doing wrong? > > > > > > Thank you in advance. > > > > > > ------------------------------------------------------------ > --------- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > <mailto:users-unsubscr...@httpd.apache.org> > > For additional commands, e-mail: users-h...@httpd.apache.org > > <mailto:users-h...@httpd.apache.org> > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
