On Sun, Sep 30, 2012 at 7:44 PM, Mark Montague <mark@xxxxxxxxxxx> wrote:
> On September 30, 2012 19:45 , Tom Browder <tom.browder@xxxxxxxxx> wrote:
>>
>> Does anyone have a pointer to help on restricting a directory to
>> access only with valid SSL Client Certificates and how to work CGI
>> scripts to respect that restriction?
...
> So you are allowing requests for the CGI from any web browser, without a
> client certificate, but you then want to restrict what the CGI can do when
> it is running?
>
> A CGI won't "respect" web server configuration for what clients can access
> what content, because CGIs can't "see" web server configuration. The web
> server invokes the CGI, and the CGI can do whatever it wants to do from that
> point on. The only restrictions on a running CGI are those imposed by the
> operating system.

So, Mark, what about something like this:

+ if the cgi prog:
  - finds the appropriate SSL cert envvar to be defined
  - finds that envvar to satisfy appropriate criteria
+ then
  - run to normal completion
+ otherwise
  - return not authorized

Best,

-Tom
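
The check proposed in the message above, written out as an added example (not code from the original thread). It assumes Apache mod_ssl with "SSLOptions +StdEnvVars", which exports HTTPS, SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN_CN to the CGI; the allow-list and the names authorize and respond are hypothetical.

```python
#!/usr/bin/env python3
"""CGI gate: run only when the web server reports a verified client certificate."""
import os
import sys

# Constructed allow-list of subject CNs; replace with your own criteria.
ALLOWED_CNS = {"alice.example", "bob.example"}


def authorize(environ):
    """Return (allowed, detail) based on the server-set SSL variables."""
    # Assumption: mod_ssl with "SSLOptions +StdEnvVars". Without it these
    # variables are absent, so the gate fails closed and refuses everything.
    if environ.get("HTTPS", "").lower() != "on":
        return False, "not an SSL/TLS request"
    # SUCCESS means the chain validated against the server's trusted CAs.
    # NONE, GENEROUS and FAILED:<reason> are all treated as unauthenticated.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return False, "client certificate missing or not verified"
    cn = environ.get("SSL_CLIENT_S_DN_CN", "")
    if cn not in ALLOWED_CNS:
        return False, "certificate subject not permitted"
    return True, cn


def respond(environ, out):
    """Write the CGI response to out and return the HTTP status code."""
    allowed, detail = authorize(environ)
    if not allowed:
        # Generic body for the client; the specific reason goes to the error log.
        print("cert gate refused request: " + detail, file=sys.stderr)
        out.write("Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n")
        out.write("Not authorized\n")
        return 403
    out.write("Status: 200 OK\r\nContent-Type: text/plain\r\n\r\n")
    out.write("Hello, " + detail + "\n")
    return 200


if __name__ == "__main__":
    respond(os.environ, sys.stdout)
```

The gate trusts only variables the server sets itself; anything arriving with an HTTP_ prefix is derived from request headers and must not be used for this decision.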