Re: certificate auth mixed with ip auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I finally found something that seems to work:

SSLCACertificateFile /etc/apache2/ssl/ca.crt
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions -StdEnvVars -ExportCertData -FakeBasicAuth +StrictRequire

<Directory "/var/www/xxx">
  SSLRequireSSL
  SSLRequire %{SSL_CLIENT_S_DN_O} eq "xxx" and %{SSL_CLIENT_S_DN_OU} eq "xxx"

  RewriteEngine on
  RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
  RewriteCond %{REMOTE_ADDR} !^192\.168\.5\.5$
  RewriteCond %{REMOTE_ADDR} !^10\.8\.5\.4$
  RewriteRule ^ - [F]

  Require ip 192.168.5.5 10.8.5.4
  Satisfy Any
</Directory>

Tell me if there is a better solution

----- Mail original -----
> Hello,
> 
> Actually i am using certificate authentication and it works well, but
> i would like to allow some specific ip address to access my site
> without certificate.
> 
> I have tried several things with "allow from xxx" and "Satisfy any"
> but i failed to setup this correctly.
> 
> The actual configuration:
> 
> SSLCACertificateFile /etc/apache2/ssl/ca.crt
> SSLVerifyClient require
> SSLVerifyDepth 1
> SSLOptions -StdEnvVars -ExportCertData -FakeBasicAuth +StrictRequire
> 
> <Directory "/var/www/xxx">
>   SSLRequireSSL
>   SSLRequire %{SSL_CLIENT_S_DN_O} eq "xxx" and %{SSL_CLIENT_S_DN_OU}
>   eq "xxx"
> </Directory>
> 
> I am using Apache 2.4 on Ubuntu 14.04.
> 
> Regards.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux