httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Browder <tom.brow...@gmail.com>
Subject Re: [users@httpd] SSL Client Certificates and CGI
Date Mon, 01 Oct 2012 09:41:21 GMT
On Sun, Sep 30, 2012 at 7:44 PM, Mark Montague <mark@catseye.org> wrote:
> On September 30, 2012 19:45 , Tom Browder <tom.browder@gmail.com> wrote:
>>
>> Does anyone have a pointer to help on restricting a directory to
>> access only with valid SSL Client Certificates and how to work CGI
>> scripts to respect that restriction?
...
> So you are allowing requests for the CGI from any web browser, without a
> client certificate, but you then want to restrict what the CGI can do when
> it is running?
>
> A CGI won't "respect" web server configuration for what clients can access
> what content, because CGIs can't "see" web server configuration.  The web
> server invokes the CGI, and the CGI can do whatever it wants to do from that
> point on.  The only restrictions on a running CGI are those imposed by the
> operating system.

So, Mark, what about something like this:

+ if the cgi prog:

   - finds the appropriate SSL cert envvar to be defined
   - finds that envvar to satisfy apprporiate criteria

+ then

  - run to normal completion

+ otherwise

  - return not authorized

Best,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message