On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic <ylavic....@gmail.com> wrote:

> Hi Andrei,
>
> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov <andrei.iva...@gmail.com>
> wrote:
>
>> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov <andrei.iva...@gmail.com>
>> wrote:
>>
>>> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov <andrei.iva...@gmail.com
>>> > wrote:
>>>
>>>> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov <
>>>> andrei.iva...@gmail.com> wrote:
>>>>
>>>>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov <
>>>>> andrei.iva...@gmail.com> wrote:
>>>>>
>>>>>> On Feb 24, 2017 22:54, "Yann Ylavic" <ylavic....@gmail.com> wrote:
>>>>>>
>>>>>> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov <
>>>>>> andrei.iva...@gmail.com> wrote:
>>>>>> >
>>>>>> > I've managed to apply your patch and rebuild Apache and now I have:
>>>>>> > Header set Client-IP "expr=%{REMOTE_ADDR}"
>>>>>> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>>>>>> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>>>>>>
>>>>>> Could you please add:
>>>>>>   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
>>>>>> PeerExtList('2.5.29.17')"
>>>>>> ?
>>>>>>
>>>>>> If it output "Expr: IP Addressfalse" that'd be an issue with operators'
>>>>>> precedence.
>>>>>> I'll try on my side, but you may beat me to it since you have the
>>>>>> environment...
>>>>>>
>>>>>>
>>>>>> Ugh, it's my work environment, I'll be able to access it only on
>>>>>> Monday.
>>>>>>
>>>>>>
>>>>> Tried now, I've adapted your suggestion a bit as it doesn't seem
>>>>> correct:
>>>>>
>>>>> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
>>>>> %{PeerExtList:2.5.29.17}"
>>>>>
>>>>> This results in:
>>>>> Expr: 'IP Address:'.159.107.78.127 -in email:<redacted1>,
>>>>> email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
>>>>> Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>>>>>
>>>>> As far as I understand, it doesn't perform the concatenation properly.
>>>>> I've tried
>>>>> Header set Expr "expr='%{IP Address:'
>>>>> .%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"
>>>>>
>>>>> But I get a parse error at startup:
>>>>> Can't parse value expression : syntax error, unexpected T_ERROR,
>>>>> expecting T_VAR_END or ':': Invalid character in variable name ' '
>>>>>
>>>>> But I think mod_headers has some different way of interpreting
>>>>> expressions, because this doesn't work:
>>>>>
>>>>> Header set matched false
>>>>> <If "'IP Address:'.%{REMOTE_ADDR} -in
>>>>> %{PeerExtList:2.5.29.17}">
>>>>>     Header set matched true
>>>>> </If>
>>>>>
>>>>> Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
>>>>> expecting T_ID or '{
>>>>>
>>>>
>>>> Yann? Any clues? :-)
>>>>
>>>
>>> Ping 😐
>>>
>>
>> Hello?
>>
>
> Yes sorry, was busy these days ;)
>

I understand, who isn't? :-)

> Mixing different types (string, boolean, list) of expressions is not
> working currently, and requires changes in the parser (I'll try to work on
> this soon).
>
> In the meantime, maybe with my patch you could try to (uglily) match
> "%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=")
> against something like "IP Address:".%{REMOTE_ADDR}(,|$) ?
>
I've experimented a bit more with your suggestion, still doesn't work :-(

Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in
%{PeerExtList:2.5.29.17}"
Header set Expr2 "expr=%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/"
Header set Expr3 "expr=%{PeerExtList:2.5.29.17} =~ /159.107.78.131/"

Expr1: 'IP Address:'.159.107.78.131 -in email:<redacted1>,
email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
Expr2: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP
Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
Expr3: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP
Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/

So for mod_headers the expression isn't fully evaluated...

Header set matched-dynamic false
<If "%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/">
    Header set matched-dynamic true
</If>
Header set matched-static false
<If "%{PeerExtList:2.5.29.17} =~ /159.107.78.131/">
    Header set matched-static true
</If>

matched-dynamic: false
matched-static: true

The match against a dynamic expression fails.

Require expr "PeerExtList('2.5.29.17') =~ /'IP
Address:'.%{REMOTE_ADDR}(,|$)/"
Require expr "PeerExtList('2.5.29.17') =~ /'IP
Address:159.107.78.131'(,|$)/"

These both fail :-(

Thank you for your patience.
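
Added example, not part of the original message and not Apache code: a Python model of the check the thread is trying to express, comparing exact membership (the "-in" intent) with the unanchored pattern from Expr3 and the anchored "IP Address:<addr>(,|$)" form. The SAN string is a constructed sample modelled on the output above, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the SAN string printed in the thread
# (e-mail entries replaced with placeholders).
SAN = ("email:a@example.test, email:b@example.test, IP Address:127.0.0.1, "
       "IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, "
       "IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44")


def san_ips(san):
    """Parse the 'IP Address:' entries of the comma-separated SAN string."""
    ips = set()
    for entry in san.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "IP Address":
            try:
                ips.add(ipaddress.ip_address(value.strip()))
            except ValueError:
                pass  # ignore malformed entries rather than match on them
    return ips


def exact_match(san, remote_addr):
    """True only if remote_addr equals one SAN IP entry (the '-in' intent)."""
    return ipaddress.ip_address(remote_addr) in san_ips(san)


def naive_regex_match(san, remote_addr):
    """Unanchored, unescaped pattern, like =~ /159.107.78.131/."""
    return re.search(remote_addr, san) is not None


def anchored_regex_match(san, remote_addr):
    """Escaped address bounded on both sides, like 'IP Address:<addr>(,|$)'."""
    pattern = r"(^|, )IP Address:" + re.escape(remote_addr) + r"(,|$)"
    return re.search(pattern, san) is not None


if __name__ == "__main__":
    for addr in ("159.107.78.131", "159.107.78.13", "27.0.0.1", "::1"):
        print(addr, exact_match(SAN, addr), naive_regex_match(SAN, addr),
              anchored_regex_match(SAN, addr))
```

The unanchored pattern accepts any address that is a substring of a listed one, and a string match of either kind misses equivalent spellings such as "::1" for "0:0:0:0:0:0:0:1", which the parsed comparison handles.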
