On Mon, Mar 13, 2017 at 4:16 PM, Andrei Ivanov <andrei.iva...@gmail.com> wrote:
> On Fri, Mar 10, 2017 at 12:35 PM, Andrei Ivanov <andrei.iva...@gmail.com> > wrote: > >> On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov <andrei.iva...@gmail.com> >> wrote: >> >>> On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic <ylavic....@gmail.com> >>> wrote: >>> >>>> Hi Andrei, >>>> >>>> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov <andrei.iva...@gmail.com >>>> > wrote: >>>> >>>>> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov < >>>>> andrei.iva...@gmail.com> wrote: >>>>> >>>>>> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov < >>>>>> andrei.iva...@gmail.com> wrote: >>>>>> >>>>>>> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov < >>>>>>> andrei.iva...@gmail.com> wrote: >>>>>>> >>>>>>>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov < >>>>>>>> andrei.iva...@gmail.com> wrote: >>>>>>>> >>>>>>>>> On Feb 24, 2017 22:54, "Yann Ylavic" <ylavic....@gmail.com> wrote: >>>>>>>>> >>>>>>>>> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov < >>>>>>>>> andrei.iva...@gmail.com> wrote: >>>>>>>>> > >>>>>>>>> > I've managed to apply your patch and rebuild Apache and now I >>>>>>>>> have: >>>>>>>>> > Header set Client-IP "expr=%{REMOTE_ADDR}" >>>>>>>>> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}" >>>>>>>>> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}" >>>>>>>>> >>>>>>>>> Could you please add: >>>>>>>>> Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in >>>>>>>>> PeerExtList('2.5.29.17')" >>>>>>>>> ? >>>>>>>>> >>>>>>>>> If it outputed "Expr: IP Addressfalse" that'd be issue with >>>>>>>>> operators' >>>>>>>>> precedence. >>>>>>>>> I'll try on my side, but you may beat me to it since you have the >>>>>>>>> environment... >>>>>>>>> >>>>>>>>> >>>>>>>>> Ugh, it's my work environment, I'll be able to access it only on >>>>>>>>> Monday. >>>>>>>>> >>>>>>>>> >>>>>>>> Tried now, I've adapted your suggestion a bit as it doesn't seem >>>>>>>> correct: >>>>>>>> >>>>>>>> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in >>>>>>>> %{PeerExtList:2.5.29.17}" >>>>>>>> >>>>>>>> This results in: >>>>>>>> Expr: 'IP Address:'.159.107.78.127 -in email:<redacted1>, >>>>>>>> email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP >>>>>>>> Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 >>>>>>>> >>>>>>>> As far as I understand, it doesn't perform the concatenation >>>>>>>> properly. >>>>>>>> I've tried >>>>>>>> Header set Expr "expr='%{IP Address:' >>>>>>>> ββ >>>>>>>> .%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}" >>>>>>>> >>>>>>>> But I get a parse error at startup: >>>>>>>> Can't parse value expression : syntax error, unexpected T_ERROR, >>>>>>>> expecting T_VAR_END or ':': Invalid character in variable name ' ' >>>>>>>> >>>>>>>> But I think mod_headers has some different way of interpreting >>>>>>>> expressions, because this doesn't work: >>>>>>>> >>>>>>>> Header set matched false >>>>>>>> <If "'IP Address:'.%{REMOTE_ADDR} -in >>>>>>>> ββ >>>>>>>> %{PeerExtList:2.5.29.17}"> >>>>>>>> Header set matched true >>>>>>>> </If> >>>>>>>> >>>>>>>> Cannot parse condition clause: syntax error, unexpected >>>>>>>> T_VAR_BEGIN, expecting T_ID or '{ >>>>>>>> >>>>>>> >>>>>>> Yann? Any clues? :-) >>>>>>> >>>>>> >>>>>> Ping π >>>>>> >>>>> >>>>> Hello? >>>>> >>>> >>>> βYes sorry, was busy these days ;) >>>> >>> >>> I understand, who isn't? :-) >>> >>> β >>>> βMixing different types (string, boolean, list) of expressions is not >>>> working currently, and requires changes in the parser (I'll try to work on >>>> this soon). >>>> >>>> In the meantime, maybe with my patch you could try to (uglily) match >>>> "%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=") >>>> against something like "IP Address:".β%{REMOTE_ADDR}(,|$) ? >>>> >>>> I've experimented a bit more with your suggestion, still doesn't work >>> :-( >>> >>> Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in >>> %{PeerExtList:2.5.29.17}" >>> Header set Expr2 "expr=%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/" >>> Header set Expr3 "expr=%{PeerExtList:2.5.29.17} =~ /159.107.78.131/" >>> >>> Expr1: 'IP Address:'.159.107.78.131 -in email:<redacted1>, >>> email:<redacted2>, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP >>> Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 >>> Expr2: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP >>> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP >>> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/ >>> Expr3: email:<redacted1>, email:<redacted2>, IP Address:127.0.0.1, IP >>> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP >>> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/ >>> >>> So for mod_headers the expression isn't fully evaluated... >>> >>> Header set matched-dynamic false >>> <If "%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/"> >>> Header set matched-dynamic true >>> </If> >>> Header set matched-static false >>> <If "%{PeerExtList:2.5.29.17} =~ /159.107.78.131/"> >>> Header set matched-static true >>> </If> >>> >>> matched-dynamic: false >>> matched-static: true >>> >>> The match against a dynamic expression fails. >>> >>> Require expr "PeerExtList('2.5.29.17') =~ /'IP >>> Address:'.%{REMOTE_ADDR}(,|$)/" >>> Require expr "PeerExtList('2.5.29.17') =~ /'IP >>> Address:159.107.78.131'(,|$)/" >>> >>> These both fail :-( >>> >>> Thank you for your patience. >>> >> >> Hello?π >> > > Yann? I'm getting squeezed here, please help π© > Anybody?