I have a reverse proxy setup with mod_ssl and mod_cache. There are SSLRequire rules that verify particular OIDs are present in a client certificate. What I'm noticing is that once the content is cached the SSLRequire rules are no longer being checked. From the debug logs I can tell that the SSL handshake is indeed still happening. Is this behavior expected? Is this what the 2.2 caching docs mean when they say mod_cache "drastically changes the security model of Apache"? Details: 64bit RHEL host running httpd-2.2.3-43.el5 (this is the latest version that ships with RHEL 5.5) --Brenton --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|