Hi,

for a secured webserver, I have the following setup/requirements:

a) HTTPS access only
b) Clients need certificate
c) for different parts of the site, I want to restrict access to certain certificates.

a) and b) work great. c) works mostly. I am using the SSLOption "FakeBasicAuth" to extract the DN from the certificate and check it against a htpasswd file. This works as expected when one of the "valid-users" is trying to request the page. If one with a valid certificate, but non-matching DN comes along, he is not let in (GOOD !!), but gets the log-in pop-up (BAD !!). In that case I would like to immediately send the "forbidden" response. Is that possible at all?

My setup is RH9, Apache-2.0.54, mod_ssl from the 2.0.54 tarball. One example config is:

    <Location "/usage">
        Options Indexes FollowSymLinks
        SSLOptions +StrictRequire +FakeBasicAuth +OptRenegotiate
        SSLRequireSSL
        #
        # Virtual host does a "SSLVerifyClient optional", to allow
        # display of a Banner page to non-certificate users.
        #
        SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
        AuthName "Admin Users"
        AuthType Basic
        AuthUserFile /xxx/admin.passwd
        require valid-user
    </Location>

Cheers
Martin

------------------------------------------------------
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www: http://www.knobisoft.de
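An added example, not part of the original post: one way to get a 403 instead of the Basic-auth pop-up is to move the DN check out of the htpasswd lookup and into `SSLRequire`, which mod_ssl evaluates in the access phase and answers with "Forbidden" when the expression is false. The DN strings below are constructed placeholders, and listing the allowed DNs inline instead of in `/xxx/admin.passwd` is an assumption of this sketch.

```apache
# Before (from the post): the DN is matched by FakeBasicAuth + htpasswd,
# so a valid certificate with an unlisted DN fails in the auth phase
# and the server answers 401 with a Basic challenge (browser pop-up).
#
#   SSLOptions +StrictRequire +FakeBasicAuth +OptRenegotiate
#   SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
#   AuthType Basic
#   AuthUserFile /xxx/admin.passwd
#   require valid-user

# After: the DN allow-list is part of the SSLRequire expression.
# A failed SSLRequire is rejected with 403 before any auth module runs,
# and +StrictRequire keeps a "Satisfy any" from overriding that denial.
<Location "/usage">
    Options Indexes FollowSymLinks
    SSLOptions +StrictRequire +OptRenegotiate
    SSLRequireSSL
    # Constructed example DNs; use the exact subject strings that
    # mod_ssl exports in SSL_CLIENT_S_DN for your certificates.
    SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS" \
           and %{SSL_CLIENT_S_DN} in { \
               "/C=XX/O=Example Org/CN=Admin One", \
               "/C=XX/O=Example Org/CN=Admin Two" }
</Location>
```

With no `AuthType`/`require` directives left in the block, no 401 challenge can be issued for this location; log `%{SSL_CLIENT_S_DN}x` in a `CustomLog` format to see the exact subject string each client presents.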