httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marat Khalili <>
Subject Re: [users@httpd] SSL_CLIENT_SAN IP addr validation
Date Mon, 19 Dec 2016 17:41:24 GMT
> Are you suggesting to put the IP address with the DNS prefix instead 
> of the proper IP prefix?
Actually, I was not aware of official possibility of having an IP 
address in subjectAltName until 5 minutes ago :) But since Apache 
developers also didn't provide for this, using DNS prefix is definitely 
an option.

> Also what about the possibility of having a variable number of 
> addresses there?
Provided you are not going to have too many SANs, quick and dirty 
solution would be:
> Require expr "%{REMOTE_ADDR} =~ 
(Missing variables will expand to empty strings). I hope  I know it's 
ugly as hell, but so are client certificates with multiple IP address 


With Best Regards,
Marat Khalili

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message