httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Montague <>
Subject Re: [users@httpd] SSL Client Certificates and CGI
Date Mon, 01 Oct 2012 15:53:53 GMT
On October 1, 2012 9:17 , Tom Browder <> wrote:
> Inside the restricted area I have:
>    SSLVerifyClient require
> The reason I do that is to log access by my clients even though they
> don't attempt to  enter the restricted area.
> I have found that the configuration doesn't restrict CGI  programs at
> all as I have them placed

Then something weird is going on.  "SSLVerifyClient require" should 
prevent any client from accessing the CGI programs unless it has a valid 
certificate.  I suggest using mod_info to check how various directives 
are actually being combined by the web server, and make sure that the 
configuration is what you think it is.

If that fails, try posting the relevant sections of the configuration 
here, including the Alias / ScriptAlias directives, the Directory stanza 
for the directory where the CGI programs reside (I'm assuming you're not 
using Location), the directives inside the Directory stanza, and then 
the URL that, when a client requests it, results in access being granted 
despite the client not presenting a certificate.

   Mark Montague

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message