1

Haven't been able to figure out how to easily manage access to my SSL website.

I'm trying to allow access to a specific location based on client IP.

If client IP = 192.168.x.x => bypass client certificate authentication

If client IP != 192.168.x.x => request client certificate authentication

I tried several methods (URL rewriting, vhost, Allow, Deny, Satisfy...) without success.

My SSL client verification works OK, I'm just stuck with this basic "if" request. I'm running Apache 2.12.

I already tried to implement http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html (section "How can I require HTTPS with strong ciphers and either basic authentication or client certificates for access to a subarea on the Intranet website for clients coming from the Internet but still allow plain HTTP access for clients on the Intranet?") but it's not working.

Quite frustrating, because this is exactly what I'm looking for ;) (except for the AuthType Basic)

Thanks

```
<Location /folder>
    SSLVerifyClient require
    SSLOptions +StrictRequire
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    Satisfy Any
    Order deny,allow
    Deny from all
    Allow from 192.168.x.x
</Location>
```

2 Answers

1

And if you want to force a network, just use a regex like this:

```
# Require a client certificate when REMOTE_ADDR does not match the regex
<If "%{REMOTE_ADDR} !~ /^regex$/">
    SSLVerifyClient require
    SSLVerifyDepth 2
</If>
```

0

OK, so it looks like it is not possible to do that on Apache < 2.3.

I've updated to Apache 2.4 and just added the "if" directive:

```
<If "%{REMOTE_ADDR} == 'xx.xx.xx.xx'">
    SSLVerifyClient require
    SSLOptions +StrictRequire
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
</If>
```
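The rule from the question (client certificate required unless the client is in 192.168.x.x), written with the Apache 2.4 `<If>` approach from the answers. This is an added example, not configuration from either poster; the host name, file paths and the 192.168.0.0/16 range are assumptions.

```apache
# Added example for Apache 2.4+ with mod_ssl.
# Host name, file paths and the network range are placeholders (assumptions).
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/example/server.crt"
    SSLCertificateKeyFile "/etc/ssl/example/server.key"

    # CA certificate(s) used to validate client certificates.
    SSLCACertificateFile  "/etc/ssl/example/client-ca.crt"

    # Do not ask for a client certificate during the initial handshake.
    SSLVerifyClient none

    <Location "/folder">
        # -ipmatch compares REMOTE_ADDR against a CIDR range instead of a
        # hand-written regex; the leading "!" negates the match, so this
        # block applies to every client outside 192.168.0.0/16.
        <If "!(%{REMOTE_ADDR} -ipmatch '192.168.0.0/16')">
            SSLVerifyClient require
            SSLVerifyDepth 2
        </If>
    </Location>
</VirtualHost>
```

REMOTE_ADDR is the address of the directly connected peer, so behind a reverse proxy or load balancer with a 192.168.x.x address every request would match the internal range and skip certificate authentication. Because `SSLVerifyClient require` is applied per request here, the certificate is requested after the initial handshake (renegotiation, or post-handshake authentication under TLS 1.3), which the client has to support.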
