httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Gale <mich...@bluesuperman.com>
Subject [users@httpd] Secure server ?
Date Mon, 09 Feb 2004 04:20:40 GMT
Hello,

	I am building a apache web server with PHP and mysql. I want this
secure to be as secure as possible.

I have set up ssl on the web server, I have created my own CA, signed my
server cert and am specifying on a directory bases that client access
requires a valid cert signed by the same CA as the web server.

I believe this should be very secure :)

But I have a few questions ?

How can I make it so all directories, including sub-directories requires
client certs ? It seems that only the directory I explicitly set
require it.

So:
<Directory /htdocs/test>
SSLVerifyClient 2
</Directory>

requires the client to have a cert but:

/htdocs/test/subdirectory does not :(


Also is there a way to limit a directory access by client cert ? 

Thanks.

-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message