On Thu, Feb 16, 2017 at 5:20 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
> On Thu, Feb 16, 2017 at 2:46 PM, Andrei Ivanov <andrei.iva...@gmail.com>
> wrote:
> >
> > I gave it a try, but seems to reach the same limitation of the expression
> > engine :-(
> > NSSRequire %{REMOTE_ADDR} in PeerExtList('2.5.29.17')
> > or
> > Require expr "%{REMOTE_ADDR} in PeerExtList('2.5.29.17')"
> >
> > AH00526: Syntax error on line 229 of /etc/httpd/conf.d/nss.conf:
> > Cannot parse expression in require line: syntax error, unexpected $end
>
> This (PeerExtList), for once, is a mod_ssl (and possibly not mod_nss?)
> extension...
>
> Hmm, indeed.
This one still doesn't work:
Require expr "%{REMOTE_ADDR} in PeerExtList('2.5.29.17')"
AH00526: Syntax error on line 145 of /etc/httpd/conf.d/ssl.conf:
Cannot parse expression in require line: syntax error, unexpected $end
But this one passes the configuration check:
SSLRequire %{REMOTE_ADDR} in PeerExtList('2.5.29.17')
The problem now is that I can't get it to pass when testing it with
requests :-(
[Thu Feb 16 18:12:38.928842 2017] [ssl:info] [pid 29931] [client
159.107.78.128:60511] AH02266: Access to /var/www/html/index.php denied for
159.107.78.128 (requirement expression not fulfilled)
[Thu Feb 16 18:12:38.928961 2017] [ssl:info] [pid 29931] [client
159.107.78.128:60511] AH02228: Failed expression: %{REMOTE_ADDR} in
PeerExtList('2.5.29.17')
[Thu Feb 16 18:12:38.928972 2017] [ssl:error] [pid 29931] [client
159.107.78.128:60511] AH02229: access to /var/www/html/index.php failed,
reason: SSL requirement expression not fulfilled
The client certificate gets validated, but the expression fails.
Is there a way to debug this? To print the values from the expression in
the logs maybe?
>
> Regards,
> Yann.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
