I finally found something that seems to work: SSLCACertificateFile /etc/apache2/ssl/ca.crt SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions -StdEnvVars -ExportCertData -FakeBasicAuth +StrictRequire <Directory "/var/www/xxx"> SSLRequireSSL SSLRequire %{SSL_CLIENT_S_DN_O} eq "xxx" and %{SSL_CLIENT_S_DN_OU} eq "xxx" RewriteEngine on RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$ RewriteCond %{REMOTE_ADDR} !^192\.168\.5\.5$ RewriteCond %{REMOTE_ADDR} !^10\.8\.5\.4$ RewriteRule ^ - [F] Require ip 192.168.5.5 10.8.5.4 Satisfy Any </Directory> Tell me if there is a better solution ----- Mail original ----- > Hello, > > Actually i am using certificate authentication and it works well, but > i would like to allow some specific ip address to access my site > without certificate. > > I have tried several things with "allow from xxx" and "Satisfy any" > but i failed to setup this correctly. > > The actual configuration: > > SSLCACertificateFile /etc/apache2/ssl/ca.crt > SSLVerifyClient require > SSLVerifyDepth 1 > SSLOptions -StdEnvVars -ExportCertData -FakeBasicAuth +StrictRequire > > <Directory "/var/www/xxx"> > SSLRequireSSL > SSLRequire %{SSL_CLIENT_S_DN_O} eq "xxx" and %{SSL_CLIENT_S_DN_OU} > eq "xxx" > </Directory> > > I am using Apache 2.4 on Ubuntu 14.04. > > Regards. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx