Bug #3276
closed$HTTP["remoteip"]|match on the remote IP address or a remote doesn't work with IPv6
Description
$HTTP["remoteip"]|match on the remote IP address or a remote network == or != CIDR mask (works Network (Warning: doesn't work with IPv6 since 1.4.40)| enabled)|
Is there any way arround this for dual stack networks, firefox now is checking wpad with ipv6 before ipv4 it works when I disable the ipv6 on the machine attempting to access the wpad.
When I am configuring the variable $HTTP["remoteip"] I can not get dual stack to work for some reason is there a way to have a or statement and use a dual stack system for this?
Example
$HTTP["remoteip"] != "192.168.1.0/27" {
url.access-deny = ( "" )
}
$HTTP["url"] =~ "^/wpad.dat" {
$HTTP["remoteip"] == "192.168.1.0/27" {
}
else {
url.access-deny = ( "" )
}
}
$HTTP["url"] =~ "^/proxy.pac" {
$HTTP["remoteip"] == "192.168.1.0/27" {
}
else {
url.access-deny = ( "" )
}
}
$HTTP["url"] =~ "^/wpad.da" {
$HTTP["remoteip"] == "192.168.1.0/27" {
}
else {
url.access-deny = ( "" )
}
}
what I want to do is something like this:
$HTTP["url"] =~ "^/wpad.da" {
$HTTP["remoteip"] == ("192.168.1.0/27" || "numb:numb:numb:a::/64") {
}
else {
url.access-deny = ( "" )
}
}
However if I attempt to do a dual stack the lighttpd server turns off in the /var/logs/lighttpd/error
Updated by jonathanlee 3 months ago
root@Zero:~# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 classified:porthere 0.0.0.0:* LISTEN 594/sshd: /usr/sbin
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 610/lighttpd
tcp6 0 0 :::80 :::* LISTEN 610/lighttpd
udp6 0 0 fe80::2a60:39f5:d44:546 :::* 506/NetworkManager
root@Zero:~#
my system does listen on dual stack
Updated by gstrauss 3 months ago
- Description updated (diff)
- Category deleted (
mod_access) - Status changed from New to Invalid
- Priority changed from Normal to Low
- Target version deleted (
1.4.78)
This is not a bug in mod_access
This is not a bug in lighttpd.
As I posted in https://redmine.lighttpd.net/boards/2/topics/11781, a good way to lose all credibility is to fail to read the documentation and to fabricate invalid syntax.
Updated by jonathanlee 3 months ago
Thanks for the reply I am a full computer science student,
I got it to work only this way...
$HTTP["remoteip"] != ["192.168.1.0/27"|"redacted:a::/64"]{
url.access-deny = ( "" )
}
}
$HTTP["url"] =~ "^/wpad.dat" {
$HTTP["remoteip"] == ["192.168.1.0/27"|"redacted:a::/64"]{
}
else {
url.access-deny = ( "" )
}
}
$HTTP["url"] =~ "^/proxy.pac" {
$HTTP["remoteip"] == ["192.168.1.0/27"|"redacted:a::/64"]{
}
else {
url.access-deny = ( "" )
}
}
$HTTP["url"] =~ "^/wpad.da" {
$HTTP["remoteip"] == ["192.168.1.0/27"|"redacted:a::/64"]{
}
else {
url.access-deny = ( "" )
}
}
This is the only way it would start for me
root@Zero:~# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.1.6:8085 0.0.0.0:* LISTEN 582/sshd: /usr/sbin
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10085/lighttpd
tcp6 0 0 :::80 :::* LISTEN 10085/lighttpd
udp6 0 0 fe80::2a60:39f5:d44:546 :::* 507/NetworkManager
root@Zero:~# systemctl status lighttpd.service
โ lighttpd.service - Lighttpd Daemon
Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; preset: enabled)
Active: active (running) since Wed 2025-02-05 19:40:15 PST; 2min 33s ago
Process: 10066 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS)
Main PID: 10085 (lighttpd)
Tasks: 1 (limit: 179)
CPU: 2.267s
CGroup: /system.slice/lighttpd.service
โโ10085 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
Feb 05 19:40:14 Zero systemd1: Starting lighttpd.service - Lighttpd Daemon...
Feb 05 19:40:15 Zero systemd1: Started lighttpd.service - Lighttpd Daemon.
Thanks for showing me the link to the correct syntax
<string> : '"' [text] '"'
I really missed reading that. Thanks for the link. Great product, we donated some money to this project thanks.
Updated by gstrauss 3 months ago ยท Edited
I suggest that anyone reading this topic ignore the computer science student who has posted untested and invalid syntax.
jonathanlee: please learn how to use an HTML <pre> tags in your posts and please do not post invalid lighttpd syntax. Perhaps that is your pseudocode? It is not valid lighttpd.conf syntax.
This bug is invalid. Stop posting here.
You did not find a bug that lighttpd 1.4.40 does not support IPv6 in $HTTP["remoteip"]
I posted: #2706 Matching IPv6 addresses with $HTTP["remoteip"]
where I added that support in lighttpd 1.4.40.
In any case, I will be deleting this bug. It is invalid and your post title and post contents are misleading.
Also available in: Atom