From: Andrei Ivanov
Date: Tue, 14 Feb 2017 14:24:22 +0200
To: users@httpd.apache.org
Subject: Re: [users@httpd] mod_lua and subprocess_env

On Tue, Feb 14, 2017 at 2:19 PM, Daniel Gruno <humbedooh@apache.org> wrote:

> On 02/14/2017 01:16 PM, Andrei Ivanov wrote:
> > On Tue, Feb 14, 2017 at 1:59 PM, Daniel Gruno <humbedooh@apache.org
> > <mailto:humbedooh@apache.org>> wrote:
> >
> >     On 02/14/2017 12:38 PM, Andrei Ivanov wrote:
> >     > Hi,
> >     > I'm trying to create a lua authorization script but I can't seem to
> >     > access the request environment:
> >     >
> >     > require 'apache2'
> >     >
> >     > function authz_check_remote_ip_in_client_san(r)
> >     >         r:err("remote_ip_in_client_san running...");
> >     >         r:alert("uri: " .. r.uri);
> >     >         r:alert("useragent_ip: " .. r.useragent_ip);
> >     >         local ip = r.subprocess_env["REMOTE_ADDRESS"];
> >     >         r:crit("REMOTE_ADDRESS: " .. (ip or "N/A"));
> >     >         r:emerg("SSL_CLIENT_SAN_IPaddr: " ..
> >     > (r.subprocess_env["SSL_CLIENT_SAN_IPaddr"] or "N/A"));
> >
> >
> > What about r.subprocess_env["REMOTE_ADDRESS"]? Shouldn't that work at least?
>
> Not exactly, this isn't CGI - the remote IP is exposed through
> r.useragent_ip. Getting environment variables is tricky since the Lua VM
> is sort of detached from the actual thread handling the request.

I was using the REMOTE_ADDRESS since it was used as an example in a post :-)
http://lua-users.org/lists/lua-l/2010-07/msg00671.html
Is subprocess_env working at all?

> >
> >     use r:ssl_var_lookup("SSL_CLIENT_SAN_IPaddr") instead.
> >     r:ssl_var_lookup does the special SSL vars.
> >
> >
> > I don't get a nil now anymore, but I seem to get back an empty string :-(
> > SSL_CLIENT_SAN_IPaddr should be exposed by mod_nss, activated in this
> > virtual host.
>
> If it's not exposed by mod_ssl, then it may not be available through
> that call. You should try finding the corresponding mod_ssl variable if
> possible.

I'm using mod_nss exactly because mod_ssl doesn't expose that variable and my issue that requests that is sitting ignored for 2 months now :-(
I was hoping this would help:
<Files ~ "\.(cgi|shtml|phtml|php3|lua?)$">
    NSSOptions +StdEnvVars
</Files>

> >
> >     With regards,
> >     Daniel.
> >
> >     >
> >     >         return apache2.AUTHZ_GRANTED
> >     > end
> >     >
> >     > The logs show entries like this for the values accessed from
> >     > r.subprocess_env:
> >     > REMOTE_ADDRESS: N/A
> >     > SSL_CLIENT_SAN_IPaddr: N/A
> >     >
> >     >
> >     > LuaScope thread
> >     > LuaAuthzProvider remote_ip_in_client_san
> >     > /etc/httpd/authz/authz_check_remote_ip_in_client_san.lua
> >     > authz_check_remote_ip_in_client_san
> >     > <Location />
> >     >     Require remote_ip_in_client_san
> >     >
> >     >     # these don't seem to work so I'm trying to implement them in a LUA
> >     > script
> >     >     #NSSRequire %{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}
> >     >     #Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
> >     > </Location>
> >     >
> >     > What am I doing wrong?
> >     >
> >     > Thank you in advance.
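
An added example, not code from the thread or from the httpd project: one way to write the authorization function so that it fails closed, reading the peer address from r.useragent_ip and the certificate value through r:ssl_var_lookup as suggested above. It assumes SSL_CLIENT_SAN_IPaddr holds one address or a comma/whitespace-separated list, which the thread does not confirm; split_addresses is a hypothetical helper.

```lua
require 'apache2'

-- Hypothetical helper: split the SAN value into lower-cased entries.
-- ASSUMPTION: entries are separated by commas and/or whitespace; the
-- thread never shows what the variable actually contains.
local function split_addresses(value)
    local out = {}
    for token in string.gmatch(value or "", "[^,%s]+") do
        out[#out + 1] = string.lower(token)
    end
    return out
end

function authz_check_remote_ip_in_client_san(r)
    -- Peer address comes from the request record, not subprocess_env.
    local remote = r.useragent_ip
    -- SSL variables are read through ssl_var_lookup.
    local san = r:ssl_var_lookup("SSL_CLIENT_SAN_IPaddr")

    -- Fail closed: nil or "" means the TLS module supplied no value
    -- (the situation reported in the thread), which is never a match.
    if remote == nil or remote == "" or san == nil or san == "" then
        r:warn("remote_ip_in_client_san: no SAN IP available, denying "
               .. (r.uri or ""))
        return apache2.AUTHZ_DENIED
    end

    remote = string.lower(remote)
    for _, addr in ipairs(split_addresses(san)) do
        -- Plain string comparison: an IPv6 address written in a
        -- different textual form will not match and is denied.
        if addr == remote then
            return apache2.AUTHZ_GRANTED
        end
    end

    r:warn("remote_ip_in_client_san: " .. remote
           .. " not in client SAN, denying")
    return apache2.AUTHZ_DENIED
end
```

Unlike the debugging version quoted above, which returns apache2.AUTHZ_GRANTED unconditionally, this denies whenever the lookup comes back nil or empty.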