[users@httpd] httpd.conf - Action directive (need help)

2016-12-19 Thread Sujit Sali
Hi All, I need help in following respect. Following is the screenshot of my apache configuration. What I am trying to achieve is - Any request to the - localhost/store/index.html localhost/store/.1234/index.html should trigger /cgi/query_track.cgi cgi script. It is wo

Re: [users@httpd] SSL_CLIENT_SAN IP addr validation

2016-12-19 Thread Andrei Ivanov
I think the nicest way would be like mod_ssl does with PeerExtList: Example SSLRequire "foobar" in PeerExtList("1.2.3.4.5.6") So at least it's nice to know Apache Httpd already does this in some cases. I guess I'll update my ticket, or maybe create a new one for all the subjectAltName variables.

Re: [users@httpd] SSL_CLIENT_SAN IP addr validation

2016-12-19 Thread Marat Khalili
As an additional benefit, you will be able to issue certificates with regular expressions matching whole subnets! :) -- With Best Regards, Marat Khalili On 19/12/16 20:41, Marat Khalili wrote: Are you suggesting to put the IP address with the DNS prefix instead of the proper IP prefix? Act

Re: [users@httpd] SSL_CLIENT_SAN IP addr validation

2016-12-19 Thread Marat Khalili
Are you suggesting to put the IP address with the DNS prefix instead of the proper IP prefix? Actually, I was not aware of official possibility of having an IP address in subjectAltName until 5 minutes ago :) But since Apache developers also didn't provide for this, using DNS prefix is definitel

[users@httpd] [Windows] Help debugging intermittent service start problems

2016-12-19 Thread Andy Theuninck
I'm experiencing intermittent problems starting Apache on Windows 10. I've observed this behavior on approximately 10 different PCs with various iterations of Apache 2.4 including the latest, 2.4.23. I'm using x86 binaries from here: http://www.apachelounge.com/download/VC11/ If the problem occurs

Re: [users@httpd] SSL_CLIENT_SAN IP addr validation

2016-12-19 Thread Andrei Ivanov
Hmm, are you suggesting to put the IP address with the DNS prefix instead of the proper IP prefix? Also what about the possibility of having a variable number of addresses there? It would have been nice to have something like "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddrs}", where SSL_CLIENT_SAN_IPa

Re: [users@httpd] SSL_CLIENT_SAN IP addr validation

2016-12-19 Thread Marat Khalili
If you really put IP address in domain subjectAltName and want to verify it, I suppose expression should be something like this: Require expr "%{SSL_CLIENT_SAN_DNS_1} == %{REMOTE_ADDR}" -- With Best Regards, Marat Khalili On 19/12/16 18:48, Andrei Ivanov wrote: Hi, Yes, I did notice the s

Re: [users@httpd] SSL_CLIENT_SAN IP addr validation

2016-12-19 Thread Pacicin Chiaricurri
Salam, Are you related to Nabila Khalili by chance?? On Dec 19, 2016 10:41 AM, "Marat Khalili" wrote: > Docs suggest > using > Require expr in place of SSLRequire. Require expr supports such variables > as REMOTE_ADDR and CONN_REMO

Re: [users@httpd] SSL_CLIENT_SAN IP addr validation

2016-12-19 Thread Andrei Ivanov
Hi, Yes, I did notice the suggestion of using Require expr, the problem is that I don't know what expression I could use, with the details explained below. Any way to do this without a variable containing the subjectAltName IP address? Regarding if this actually makes sense or not is a different

Re: [users@httpd] SSL_CLIENT_SAN IP addr validation

2016-12-19 Thread Marat Khalili
Docs suggest using Require expr in place of SSLRequire. Require expr supports such variables as REMOTE_ADDR and CONN_REMOTE_ADDR. In any case, I do not see much sense in issuing or verifying certificates with IP address in subject

[users@httpd] Re: SSL_CLIENT_SAN IP addr validation

2016-12-19 Thread Andrei Ivanov
Anybody? :-/ On Thu, Dec 15, 2016 at 12:46 PM, Andrei Ivanov wrote: > Hi, > I'm trying to validate incoming requests by comparing the request IP to > the IP addresses provided in the client certificate subjectAltName. > > Searching around, I found http://wiki.cacert.org/ > ApacheServerClientCert