[users@httpd] If statement evaluating an http header against a pattern is always true even though it should not

[Christian Georg <ma...@christiangeorg.de>]

Hi all,


I am running an apache 2.4.7 on CentOS 6.7

I am trying to perform request routing within a reverse proxy based on the x-auth header, but for some reasons the if and elseif statements are alwyas evalutaing to true.



Here is the part from the config. This is contained in the virtual host section of my config file.


# making sure that the variables do have a default value, if none of the if statements are during true then these values should show up

Define ifLocation1 False
Define ifLocation2 False
Define ServerLocation Location-default


<If "%{HTTP:x-auth} -strcmatch 'XXXXXXXX' " >
      Define ServerLocation Location-1
      Define ifLocation1 true
</If>
<ElseIf "%{HTTP:x-auth} =~ m#YYYYYYY#i " >
       Define ServerLocation Location-2
       Define ifLocation2 true
</ElseIf>

I am using strcmatch and =~ for testing purposes to find out which matches my needs. what I would actually like to achieve is a check if the token ends with with XXXXXXX and then move to Location-1 or with YYYYYY and move to Location-2. in all other cases I want to use the default location.

The token we use in the x-auth header do neither contain XXXXXXXX nor YYYYYYY so I would expect the Server Location to be "Location-default"
The part I do not understand is why ifLocation1 and ifLocation2 are both set to true and the ServerLocation contains the value of the last define statement, which is "Location-2"

For logging of the relevant info I am using the following statement

CustomLog ${APACHE_LOG_DIR}/token.log "i:%{x-auth}i o:%{x-auth}o  decision:${ServerLocation}  Statement1:${ifLocation1} Statement2:${ifLocation2}

For requests that do not contain a token or x-auth header I am getting
i:- o:-  decision:Location-2  Statement1:true Statement2:true

For requests with a token I am getting pretty much the same, jsut with a token included

i:itwefq9od2j9r2a0f9tz03djkattwerawg_fddsdwra_wrqs o:-  decision:Location-2  Statement1:true Statement2:true

I am currently running out of ideas on what I am doing wrong and why the if statements always evaluate to true. Any help is appreciated

Thanks

Chris

Re: [users@httpd] If statement evaluating an http header against a pattern is always true even though it should not

[Eric Covener <co...@gmail.com>]

On Wed, Nov 4, 2015 at 8:23 AM, Christian Georg <ma...@christiangeorg.de> wrote:
> Hi Eric, et all
>
> this would explain the issue I am having. I am not that familiar with apache. Do you have any suggestion how I can perform the reverse proxying based on the X-auth header? or any suggestion how to use another kind of variable which will set conditionally? Including the Proxypass statement directly within the iff statement is not possible
>

Put ProxyPass inside of <if>, or use mod_rewrite with the [P] flag for
even finer grained control. If you do the latter, refer to the section
in the mod_proxy manual about manually creating a "worker".

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

AW: [users@httpd] If statement evaluating an http header against a pattern is always true even though it should not

[Christian Georg <ma...@christiangeorg.de>]

Hi Eric, et all 

this would explain the issue I am having. I am not that familiar with apache. Do you have any suggestion how I can perform the reverse proxying based on the X-auth header? or any suggestion how to use another kind of variable which will set conditionally? Including the Proxypass statement directly within the iff statement is not possible

Thanks

Chris
________________________________________
Von: Eric Covener <co...@gmail.com>
Gesendet: Mittwoch, 4. November 2015 13:56
An: users@httpd.apache.org
Betreff: Re: [users@httpd] If statement evaluating an http header against a pattern is always true even though it should not

I think your problem is that Define is executed immediately when it's
read, at startup. It's a rare special case like e.g. Include.

It cannot be processeed per-request, which is what <if> is for. I
vaguelly recall a later discussion/patch blocking that Context for
Define.

On Wed, Nov 4, 2015 at 7:41 AM, Christian Georg <ma...@christiangeorg.de> wrote:
> Hi all,
>
>
> I am running an apache 2.4.7 on CentOS 6.7
>
> I am trying to perform request routing within a reverse proxy based on the
> x-auth header, but for some reasons the if and elseif statements are alwyas
> evalutaing to true.
>
>
>
> Here is the part from the config. This is contained in the virtual host
> section of my config file.
>
>
> # making sure that the variables do have a default value, if none of the if
> statements are during true then these values should show up
>
> Define ifLocation1 False
> Define ifLocation2 False
> Define ServerLocation Location-default
>
>
> <If "%{HTTP:x-auth} -strcmatch 'XXXXXXXX' " >
>       Define ServerLocation Location-1
>       Define ifLocation1 true
> </If>
> <ElseIf "%{HTTP:x-auth} =~ m#YYYYYYY#i " >
>        Define ServerLocation Location-2
>        Define ifLocation2 true
> </ElseIf>
>
> I am using strcmatch and =~ for testing purposes to find out which matches
> my needs. what I would actually like to achieve is a check if the token ends
> with with XXXXXXX and then move to Location-1 or with YYYYYY and move to
> Location-2. in all other cases I want to use the default location.
>
> The token we use in the x-auth header do neither contain XXXXXXXX nor
> YYYYYYY so I would expect the Server Location to be "Location-default"
> The part I do not understand is why ifLocation1 and ifLocation2 are both set
> to true and the ServerLocation contains the value of the last define
> statement, which is "Location-2"
>
> For logging of the relevant info I am using the following statement
>
> CustomLog ${APACHE_LOG_DIR}/token.log "i:%{x-auth}i o:%{x-auth}o
> decision:${ServerLocation}  Statement1:${ifLocation1}
> Statement2:${ifLocation2}
>
> For requests that do not contain a token or x-auth header I am getting
> i:- o:-  decision:Location-2  Statement1:true Statement2:true
>
> For requests with a token I am getting pretty much the same, jsut with a
> token included
>
> i:itwefq9od2j9r2a0f9tz03djkattwerawg_fddsdwra_wrqs o:-  decision:Location-2
> Statement1:true Statement2:true
>
> I am currently running out of ideas on what I am doing wrong and why the if
> statements always evaluate to true. Any help is appreciated
>
> Thanks
>
> Chris
>
>
>



--
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] If statement evaluating an http header against a pattern is always true even though it should not

[Eric Covener <co...@gmail.com>]

I think your problem is that Define is executed immediately when it's
read, at startup. It's a rare special case like e.g. Include.

It cannot be processeed per-request, which is what <if> is for. I
vaguelly recall a later discussion/patch blocking that Context for
Define.

On Wed, Nov 4, 2015 at 7:41 AM, Christian Georg <ma...@christiangeorg.de> wrote:
> Hi all,
>
>
> I am running an apache 2.4.7 on CentOS 6.7
>
> I am trying to perform request routing within a reverse proxy based on the
> x-auth header, but for some reasons the if and elseif statements are alwyas
> evalutaing to true.
>
>
>
> Here is the part from the config. This is contained in the virtual host
> section of my config file.
>
>
> # making sure that the variables do have a default value, if none of the if
> statements are during true then these values should show up
>
> Define ifLocation1 False
> Define ifLocation2 False
> Define ServerLocation Location-default
>
>
> <If "%{HTTP:x-auth} -strcmatch 'XXXXXXXX' " >
>       Define ServerLocation Location-1
>       Define ifLocation1 true
> </If>
> <ElseIf "%{HTTP:x-auth} =~ m#YYYYYYY#i " >
>        Define ServerLocation Location-2
>        Define ifLocation2 true
> </ElseIf>
>
> I am using strcmatch and =~ for testing purposes to find out which matches
> my needs. what I would actually like to achieve is a check if the token ends
> with with XXXXXXX and then move to Location-1 or with YYYYYY and move to
> Location-2. in all other cases I want to use the default location.
>
> The token we use in the x-auth header do neither contain XXXXXXXX nor
> YYYYYYY so I would expect the Server Location to be "Location-default"
> The part I do not understand is why ifLocation1 and ifLocation2 are both set
> to true and the ServerLocation contains the value of the last define
> statement, which is "Location-2"
>
> For logging of the relevant info I am using the following statement
>
> CustomLog ${APACHE_LOG_DIR}/token.log "i:%{x-auth}i o:%{x-auth}o
> decision:${ServerLocation}  Statement1:${ifLocation1}
> Statement2:${ifLocation2}
>
> For requests that do not contain a token or x-auth header I am getting
> i:- o:-  decision:Location-2  Statement1:true Statement2:true
>
> For requests with a token I am getting pretty much the same, jsut with a
> token included
>
> i:itwefq9od2j9r2a0f9tz03djkattwerawg_fddsdwra_wrqs o:-  decision:Location-2
> Statement1:true Statement2:true
>
> I am currently running out of ideas on what I am doing wrong and why the if
> statements always evaluate to true. Any help is appreciated
>
> Thanks
>
> Chris
>
>
>



-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org