Return-Path: <users-return-115026-archive-asf-public=cust-asf.ponee.io@httpd.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id CE0B1200C1B
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 14 Feb 2017 12:59:35 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id CB0AF160B5F; Tue, 14 Feb 2017 11:59:35 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 227B7160B52
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 14 Feb 2017 12:59:34 +0100 (CET)
Received: (qmail 90200 invoked by uid 500); 14 Feb 2017 11:59:33 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 90191 invoked by uid 99); 14 Feb 2017 11:59:33 -0000
Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Feb 2017 11:59:33 +0000
Received: from [192.168.43.168] (94.191.187.248.mobile.3.dk [94.191.187.248])
	by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id C9D511A00A2
	for <users@httpd.apache.org>; Tue, 14 Feb 2017 11:59:32 +0000 (UTC)
To: users@httpd.apache.org
References: <CAMdR1vUrnbjRbb6bhTbBYvHjxrmdokUYikDSo_9VpxBWJ1VaSw@mail.gmail.com>
From: Daniel Gruno <humbedooh@apache.org>
Message-ID: <d8d44bff-7a8f-dff3-bbfa-e8ba2636d42a@apache.org>
Date: Tue, 14 Feb 2017 12:59:29 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <CAMdR1vUrnbjRbb6bhTbBYvHjxrmdokUYikDSo_9VpxBWJ1VaSw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [users@httpd] mod_lua and subprocess_env
archived-at: Tue, 14 Feb 2017 11:59:36 -0000

On 02/14/2017 12:38 PM, Andrei Ivanov wrote:
> Hi,
> I'm trying to create a lua authorization script but I can't seem to
> access the request environment:
> 
> require 'apache2'
> 
> function authz_check_remote_ip_in_client_san(r)
>         r:err("remote_ip_in_client_san running...");
>         r:alert("uri: " .. r.uri);
>         r:alert("useragent_ip: " .. r.useragent_ip);
>         local ip = r.subprocess_env["REMOTE_ADDRESS"];
>         r:crit("REMOTE_ADDRESS: " .. (ip or "N/A"));
>         r:emerg("SSL_CLIENT_SAN_IPaddr: " ..
> (r.subprocess_env["SSL_CLIENT_SAN_IPaddr"] or "N/A"));


use r:ssl_var_lookup("SSL_CLIENT_SAN_IPaddr") instead.
r:ssl_var_lookup does the special SSL vars.

With regards,
Daniel.

> 
>         return apache2.AUTHZ_GRANTED
> end
> 
> The logs show entries like this for the values accessed from
> r.subprocess_env:
> REMOTE_ADDRESS: N/A
> SSL_CLIENT_SAN_IPaddr: N/A
> 
> 
> LuaScope thread
> LuaAuthzProvider remote_ip_in_client_san
> /etc/httpd/authz/authz_check_remote_ip_in_client_san.lua
> authz_check_remote_ip_in_client_san
> <Location />
>     Require remote_ip_in_client_san
> 
>     # these don't seem to work so I'm trying to implement them in a LUA
> script
>     #NSSRequire %{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}
>     #Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
> </Location>
> 
> What am I doing wrong?
> 
> Thank you in advance.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org