httpd-users mailing list archives

From Luis Neves <luisne...@hotmail.com>
Subject [users@httpd] Help on creating proxy/rewrite rules based on SSL authentication
Date Wed, 25 Aug 2010 10:40:07 GMT

Hi,

I have Apache asking for x509 client certificates. I am trying to proxypass the original request
to multiple locations based on the result of the client authentication.

If successfully authenticated, proxypass to authserver
if not, proxypass to noauthserver

I've tried a lot of configurations but none works. Sometimes I have recursion problems, in
other configurations I get 404 errors. Help!

For example, the example below gives 404 errors and never gets redirected to any server.
I had to create the /var/www/html/auth and /var/www/html/noauth folders, but I would prefer
not to create anything here if at all possible.

Can you propose any solution?

Thanks
Luis

NSSVerifyClient optional

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite.log"
RewriteLogLevel 9 

RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteRule          ^(.*)$ /noauth$1   [L] 
RewriteCond %{SSL:SSL_CLIENT_VERIFY} =SUCCESS
RewriteRule          ^(.*)$ /auth$1 [L]

<Location /noauth>
     ProxyPass          http://noauthserver/
     ProxyPassReverse   http://noauthserver/
</Location>

<Location /auth>
     NSSVerifyClient require

     RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
     RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s"
     RequestHeader set SSL_CLIENT_S_DN_O "%{SSL_CLIENT_S_DN_O}s"
     RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"

     ProxyPass          http://authserver/
     ProxyPassReverse   http://authserver/

</Location>
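
One way to express the routing described in the post, as an added example that is not part of the original message: it proxies directly with mod_rewrite's [P] flag instead of going through intermediate /auth and /noauth paths. It assumes mod_rewrite, mod_proxy, mod_proxy_http and mod_headers are loaded and reuses the host names and SSL variables from the post; CERT_OK is a variable name invented for this example.

```apache
# Added example, not the poster's configuration.
# Assumes a single SSL virtual host with mod_rewrite, mod_proxy,
# mod_proxy_http and mod_headers loaded. CERT_OK is a hypothetical
# environment variable name chosen for this example.

NSSVerifyClient optional

RewriteEngine on

# Verified client certificate: proxy to authserver and mark the request.
RewriteCond %{SSL:SSL_CLIENT_VERIFY} =SUCCESS
RewriteRule ^/(.*)$ http://authserver/$1 [P,L,E=CERT_OK:1]

# No certificate, or verification did not succeed: proxy to noauthserver.
RewriteRule ^/(.*)$ http://noauthserver/$1 [P,L]

# Remove any copies of the identity headers supplied by the client, so a
# backend never sees values that did not come from the TLS handshake.
RequestHeader unset SSL_CLIENT_S_DN
RequestHeader unset SSL_CLIENT_I_DN
RequestHeader unset SSL_CLIENT_S_DN_O
RequestHeader unset SSL_CLIENT_VERIFY

# Re-add them from the handshake, only for requests marked as verified.
RequestHeader set SSL_CLIENT_S_DN   "%{SSL_CLIENT_S_DN}s"   env=CERT_OK
RequestHeader set SSL_CLIENT_I_DN   "%{SSL_CLIENT_I_DN}s"   env=CERT_OK
RequestHeader set SSL_CLIENT_S_DN_O "%{SSL_CLIENT_S_DN_O}s" env=CERT_OK
RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s" env=CERT_OK

# Rewrite Location headers in redirects issued by either backend.
ProxyPassReverse / http://authserver/
ProxyPassReverse / http://noauthserver/
```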

 		 	   		  