On October 1, 2012 9:17 , Tom Browder <tom.browder@xxxxxxxxx> wrote:
Inside the restricted area I have: SSLVerifyClient require The reason I do that is to log access by my clients even though they don't attempt to enter the restricted area. I have found that the configuration doesn't restrict CGI programs at all as I have them placed
Then something weird is going on. "SSLVerifyClient require" should prevent any client from accessing the CGI programs unless it has a valid certificate. I suggest using mod_info to check how various directives are actually being combined by the web server, and make sure that the configuration is what you think it is.
If that fails, try posting the relevant sections of the configuration here, including the Alias / ScriptAlias directives, the Directory stanza for the directory where the CGI programs reside (I'm assuming you're not using Location), the directives inside the Directory stanza, and then the URL that, when a client requests it, results in access being granted despite the client not presenting a certificate.
-- Mark Montague mark@xxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|