I am attempting to authorize post content (SOAP methods) against ACLs, but once the authorize handler grabs the HTTP body, the other handlers can't process the content. A work around is to proxy the request to a local virtual host to handle the request AFTER it has been authorized, but then the SSL/TLS information is lost. Also, this means that anyone on that box can bypass the authorizer by simply calling the proxied virtual host. I would like to do everything in a single pass so I can keep the SSL info and make it harder for local apps to bypass ACLs. Any ideas? Thanks, Andrew --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|