tags:

views:

31

answers:

1
Q: 

Switch SSLVerifyClient within ReverseProxy context

This is a part of an Apache virtualhost configuration, the incoming request, which matches, are forwarded to the Apache Tomcat server. All clients must send a client certificate for authentication for App1, but for App2 it should be optional.

SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +ExportCertData +StdEnvVars

ProxyRequests Off

ProxyPass /app1/services/App01 ajp://localhost:8307/app1/services/App01
ProxyPass /app1/services/App02 ajp://localhost:8307/app2/services/App02

<Location /app1/services/App01>
    ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>

<Location /app2/services/App02>
    ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>

So is there a posibility to switch for app2 the SSLVerifyClient directive from required to optional?

A: 

After reading a lot of documentation and trying out different approaches I found the solution!

Bring all proxy directives into the Location context, set the SSLVerifyClient directive for these host or virtualhost to optional and put SSLVerifyClient require into the Location directive where it's needed.

SSLVerifyClient optional
SSLVerifyDepth 2
SSLOptions +ExportCertData +StdEnvVars

ProxyRequests Off

<Location /app1/services/App01>
    SSLVerifyClient require
    ProxyPass ajp://localhost:8307/app1/services/App01
    ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>

<Location /app2/services/App02>
    ProxyPass ajp://localhost:8307/app2/services/App02
    ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>
Alex  2010-08-02 06:44:27

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP