Selecting SSLProxyMachineCertificateFile based on destination address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I’m trying to setup a proxy server which selects the correct certificate based on destination IP-address. I’m using apache 2.4 on CentOS 6.6.

I’m using the following configuration:

<VirtualHost *:3128>
  SSLProxyEngine On
  SSLProxyVerify require
  SSLProxyVerifyDepth 10
  <If "%{REMOTE_ADDR} -ipmatch '192.168.0.0/24'">
    SSLProxyMachineCertificateFile /etc/pki/tls/certs/example.com.cer
    SSLProxyCACertificateFile   /etc/pki/tls/certs/ca.cer
  </If>
  <Else>
    SSLProxyMachineCertificateFile /etc/pki/tls/certs/example.org.cer
    SSLProxyCACertificateFile   /etc/pki/tls/certs/ca.cer
  </Else>

  RewriteEngine On
  RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [NC,P]

  ProxyPreserveHost On
  ProxyPass            /  https://$1/
  ProxyPassReverse     /  https://$1/
</VirtualHost>

But I’m getting the following error when I start the httpd service:
Starting httpd: AH00526: Syntax error on line 8 of /opt/rh/httpd24/root/etc/httpd/conf.d/forward_ssl_proxy.conf:
SSLProxyMachineCertificateFile not allowed here
                                                           [FAILED]

Can someone help me how to achieve my goal by using the correct certificate based on destination address?

With kind regards,

Abdelouahed

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux