P.S. Nevermind the port 4433 in the example, that's because load balancer port natting. The vHost works fine with outbound port 443. This question is only about the if/else block in combination with SSLCipherSuite. > Gesendet: Mittwoch, 24. Februar 2021 um 14:12 Uhr > Von: "Hildegard Meier" <daku8938@xxxxxx> > An: users@xxxxxxxxxxxxxxxx > Betreff: Set SSLCipherSuite dependent on client IP > > Hello, > > having Ubuntu 14 server with Apache 2.4.7 > > I configured to have SSLCipherSuite dependent on the client IP address. > > But the If/Else directive seems to be just silently ignored, only and always the global default SSLCipherSuite value is in effect. > > The SSLCipherSuite given in the If or Else block (which should be taken for every client that is not in the 1.2.3.0/26 network) is not taken. > > Why does this not work? > Is there another way to achieve the goal? > > > Here the vHost config: > > <VirtualHost *:4433> > > ServerName ssl-test.example.com > > DocumentRoot "/var/www/docs/empty" > > SSLEngine on > SSLCertificateKeyFile "/etc/apache2/ssl/keys/test.key" > SSLCertificateFile "/etc/apache2/ssl/certs/test.crt" > SSLCertificateChainFile "/etc/apache2/ssl/certs/test.crt" > > <If "-R '1.2.3.0/26'"> > SSLCipherSuite -all:MD5 > </If> > <Else> > SSLCipherSuite -all:SHA1 > </Else> > > CustomLog "/var/log/apache2/test/access.log" vhost_combined > ErrorLog "/var/log/apache2/test/error.443.log" > > </VirtualHost> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|