On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov <andrei.iva...@gmail.com>
wrote:

> On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
>
>> Hi Andrei,
>>
>> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov <andrei.iva...@gmail.com>
>> wrote:
>>
>>> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov <andrei.iva...@gmail.com>
>>> wrote:
>>>
>>>> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov <
>>>> andrei.iva...@gmail.com> wrote:
>>>>
>>>>> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov <
>>>>> andrei.iva...@gmail.com> wrote:
>>>>>
>>>>>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov <
>>>>>> andrei.iva...@gmail.com> wrote:
>>>>>>
>>>>>>> On Feb 24, 2017 22:54, "Yann Ylavic" <ylavic....@gmail.com> wrote:
>>>>>>>
>>>>>>> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov <
>>>>>>> andrei.iva...@gmail.com> wrote:
>>>>>>> >
>>>>>>> > I've managed to apply your patch and rebuild Apache and now I have:
>>>>>>> > Header set Client-IP "expr=%{REMOTE_ADDR}"
>>>>>>> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>>>>>>> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>>>>>>>
>>>>>>> Could you please add:
>>>>>>>   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
>>>>>>> PeerExtList('2.5.29.17')"
>>>>>>> ?
>>>>>>>
>>>>>>> If it outputted "Expr: IP Addressfalse" that'd be an issue with
>>>>>>> operators'
>>>>>>> precedence.
>>>>>>> I'll try on my side, but you may beat me to it since you have the
>>>>>>> environment...
>>>>>>>
>>>>>>>
>>>>>>> Ugh, it's my work environment, I'll be able to access it only on
>>>>>>> Monday.
>>>>>>>
>>>>>>>
>>>>>> Tried now, I've adapted your suggestion a bit as it doesn't seem
>>>>>> correct:
>>>>>>
>>>>>> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
>>>>>> %{PeerExtList:2.5.29.17}"
>>>>>>
>>>>>> This results in:
>>>>>> Expr: 'IP Address:'.159.107.78.127 -in email:<redacted1>,
>>>>>> email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
>>>>>> Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>>>>>>
>>>>>> As far as I understand, it doesn't perform the concatenation properly.
>>>>>> I've tried
>>>>>> Header set Expr "expr='%{IP Address:'
>>>>>> .%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"
>>>>>>
>>>>>> But I get a parse error at startup:
>>>>>> Can't parse value expression : syntax error, unexpected T_ERROR,
>>>>>> expecting T_VAR_END or ':': Invalid character in variable name ' '
>>>>>>
>>>>>> But I think mod_headers has some different way of interpreting
>>>>>> expressions, because this doesn't work:
>>>>>>
>>>>>> Header set matched false
>>>>>> <If "'IP Address:'.%{REMOTE_ADDR} -in
>>>>>> %{PeerExtList:2.5.29.17}">
>>>>>>     Header set matched true
>>>>>> </If>
>>>>>>
>>>>>> Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
>>>>>> expecting T_ID or '{
>>>>>>
>>>>>
>>>>> Yann? Any clues? :-)
>>>>>
>>>>
>>>> Ping 😐
>>>>
>>>
>>> Hello?
>>>
>>
>> Yes sorry, was busy these days ;)
>>
>
> I understand, who isn't? :-)
>
>
>> Mixing different types (string, boolean, list) of expressions is not
>> working currently, and requires changes in the parser (I'll try to work on
>> this soon).
>>
>> In the meantime, maybe with my patch you could try to (uglily) match
>> "%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=")
>> against something like "IP Address:".%{REMOTE_ADDR}(,|$) ?
>
> I've experimented a bit more with your suggestion, still doesn't work :-(
>
> Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in
> %{PeerExtList:2.5.29.17}"
> Header set Expr2 "expr=%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/"
> Header set Expr3 "expr=%{PeerExtList:2.5.29.17} =~ /159.107.78.131/"
>
> Expr1: 'IP Address:'.159.107.78.131 -in email:<redacted1>,
> email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
> Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
> Expr2: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP
> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
> Expr3: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP
> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
>
> So for mod_headers the expression isn't fully evaluated...
>
> Header set matched-dynamic false
> <If "%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/">
>     Header set matched-dynamic true
> </If>
> Header set matched-static false
> <If "%{PeerExtList:2.5.29.17} =~ /159.107.78.131/">
>     Header set matched-static true
> </If>
>
> matched-dynamic: false
> matched-static: true
>
> The match against a dynamic expression fails.
>
> Require expr "PeerExtList('2.5.29.17') =~ /'IP
> Address:'.%{REMOTE_ADDR}(,|$)/"
> Require expr "PeerExtList('2.5.29.17') =~ /'IP
> Address:159.107.78.131'(,|$)/"
>
> These both fail :-(
>
> Thank you for your patience.
>

Hello? 😕
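
The comparison this thread is trying to express, modelled in Python as an added example (not code from the thread or from httpd): it contrasts the unanchored regex, the `IP Address:<addr>(,|$)` form, and a parsed membership test. The SAN string is a constructed sample in the format shown above with placeholder e-mail entries, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the format the thread shows for %{PeerExtList:2.5.29.17}
SAN = ("email:a@example.org, email:b@example.org, IP Address:127.0.0.1, "
       "IP Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, "
       "IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44")


def naive_match(san: str, remote_addr: str) -> bool:
    """Unanchored, unescaped regex, like `=~ /159.107.78.131/` in the thread."""
    return re.search(remote_addr, san) is not None


def anchored_match(san: str, remote_addr: str) -> bool:
    """'IP Address:' + escaped address + (,|$), the form suggested in the thread."""
    pattern = r"(?:^|, )IP Address:" + re.escape(remote_addr) + r"(?:,|$)"
    return re.search(pattern, san) is not None


def san_ips(san: str) -> set:
    """Parse the 'IP Address:' entries into normalized address objects."""
    ips = set()
    for entry in san.split(", "):
        kind, _, value = entry.partition(":")
        if kind == "IP Address":
            ips.add(ipaddress.ip_address(value))
    return ips


def exact_match(san: str, remote_addr: str) -> bool:
    """Membership test on parsed addresses, the semantics `-in` is meant to give."""
    try:
        return ipaddress.ip_address(remote_addr) in san_ips(san)
    except ValueError:
        return False


if __name__ == "__main__":
    for addr in ("159.107.78.131", "159.107.78.13", "27.0.0.1", "::1"):
        print(addr, naive_match(SAN, addr), anchored_match(SAN, addr),
              exact_match(SAN, addr))
```

The unanchored form accepts any address that is a substring of a SAN entry, while the anchored string form still misses IPv6 addresses written in a different textual form than the certificate uses.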
