On Mon, Mar 13, 2017 at 4:16 PM, Andrei Ivanov <andrei.iva...@gmail.com>
wrote:
> On Fri, Mar 10, 2017 at 12:35 PM, Andrei Ivanov <andrei.iva...@gmail.com>
> wrote:
>
>> On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov <andrei.iva...@gmail.com>
>> wrote:
>>
>>> On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic <ylavic....@gmail.com>
>>> wrote:
>>>
>>>> Hi Andrei,
>>>>
>>>> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov <andrei.iva...@gmail.com
>>>> > wrote:
>>>>
>>>>> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov <
>>>>> andrei.iva...@gmail.com> wrote:
>>>>>
>>>>>> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov <
>>>>>> andrei.iva...@gmail.com> wrote:
>>>>>>
>>>>>>> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov <
>>>>>>> andrei.iva...@gmail.com> wrote:
>>>>>>>
>>>>>>>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov <
>>>>>>>> andrei.iva...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> On Feb 24, 2017 22:54, "Yann Ylavic" <ylavic....@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov <
>>>>>>>>> andrei.iva...@gmail.com> wrote:
>>>>>>>>> >
>>>>>>>>> > I've managed to apply your patch and rebuild Apache and now I
>>>>>>>>> have:
>>>>>>>>> > Header set Client-IP "expr=%{REMOTE_ADDR}"
>>>>>>>>> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>>>>>>>>> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>>>>>>>>>
>>>>>>>>> Could you please add:
>>>>>>>>> Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
>>>>>>>>> PeerExtList('2.5.29.17')"
>>>>>>>>> ?
>>>>>>>>>
>>>>>>>>> If it outputed "Expr: IP Addressfalse" that'd be issue with
>>>>>>>>> operators'
>>>>>>>>> precedence.
>>>>>>>>> I'll try on my side, but you may beat me to it since you have the
>>>>>>>>> environment...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Ugh, it's my work environment, I'll be able to access it only on
>>>>>>>>> Monday.
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Tried now, I've adapted your suggestion a bit as it doesn't seem
>>>>>>>> correct:
>>>>>>>>
>>>>>>>> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
>>>>>>>> %{PeerExtList:2.5.29.17}"
>>>>>>>>
>>>>>>>> This results in:
>>>>>>>> Expr: 'IP Address:'.159.107.78.127 -in email:<redacted1>,
>>>>>>>> email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
>>>>>>>> Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>>>>>>>>
>>>>>>>> As far as I understand, it doesn't perform the concatenation
>>>>>>>> properly.
>>>>>>>> I've tried
>>>>>>>> Header set Expr "expr='%{IP Address:'
>>>>>>>> ββ
>>>>>>>> .%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"
>>>>>>>>
>>>>>>>> But I get a parse error at startup:
>>>>>>>> Can't parse value expression : syntax error, unexpected T_ERROR,
>>>>>>>> expecting T_VAR_END or ':': Invalid character in variable name ' '
>>>>>>>>
>>>>>>>> But I think mod_headers has some different way of interpreting
>>>>>>>> expressions, because this doesn't work:
>>>>>>>>
>>>>>>>> Header set matched false
>>>>>>>> <If "'IP Address:'.%{REMOTE_ADDR} -in
>>>>>>>> ββ
>>>>>>>> %{PeerExtList:2.5.29.17}">
>>>>>>>> Header set matched true
>>>>>>>> </If>
>>>>>>>>
>>>>>>>> Cannot parse condition clause: syntax error, unexpected
>>>>>>>> T_VAR_BEGIN, expecting T_ID or '{
>>>>>>>>
>>>>>>>
>>>>>>> Yann? Any clues? :-)
>>>>>>>
>>>>>>
>>>>>> Ping π
>>>>>>
>>>>>
>>>>> Hello?
>>>>>
>>>>
>>>> βYes sorry, was busy these days ;)
>>>>
>>>
>>> I understand, who isn't? :-)
>>>
>>> β
>>>> βMixing different types (string, boolean, list) of expressions is not
>>>> working currently, and requires changes in the parser (I'll try to work on
>>>> this soon).
>>>>
>>>> In the meantime, maybe with my patch you could try to (uglily) match
>>>> "%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=")
>>>> against something like "IP Address:".β%{REMOTE_ADDR}(,|$) ?
>>>>
>>>> I've experimented a bit more with your suggestion, still doesn't work
>>> :-(
>>>
>>> Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in
>>> %{PeerExtList:2.5.29.17}"
>>> Header set Expr2 "expr=%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/"
>>> Header set Expr3 "expr=%{PeerExtList:2.5.29.17} =~ /159.107.78.131/"
>>>
>>> Expr1: 'IP Address:'.159.107.78.131 -in email:<redacted1>,
>>> email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
>>> Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>>> Expr2: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP
>>> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
>>> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
>>> Expr3: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP
>>> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
>>> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
>>>
>>> So for mod_headers the expression isn't fully evaluated...
>>>
>>> Header set matched-dynamic false
>>> <If "%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/">
>>> Header set matched-dynamic true
>>> </If>
>>> Header set matched-static false
>>> <If "%{PeerExtList:2.5.29.17} =~ /159.107.78.131/">
>>> Header set matched-static true
>>> </If>
>>>
>>> matched-dynamic: false
>>> matched-static: true
>>>
>>> The match against a dynamic expression fails.
>>>
>>> Require expr "PeerExtList('2.5.29.17') =~ /'IP
>>> Address:'.%{REMOTE_ADDR}(,|$)/"
>>> Require expr "PeerExtList('2.5.29.17') =~ /'IP
>>> Address:159.107.78.131'(,|$)/"
>>>
>>> These both fail :-(
>>>
>>> Thank you for your patience.
>>>
>>
>> Hello?π
>>
>
> Yann? I'm getting squeezed here, please help π©
>
Anybody?
