httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abdelouahed Haitoute <ahaito...@rinis.nl>
Subject [users@httpd] Selecting SSLProxyMachineCertificateFile based on destination address
Date Mon, 23 Mar 2015 19:01:39 GMT
Hello,

I’m trying to setup a proxy server which selects the correct certificate based on destination
IP-address. I’m using apache 2.4 on CentOS 6.6.

I’m using the following configuration:

<VirtualHost *:3128>
  SSLProxyEngine On
  SSLProxyVerify require
  SSLProxyVerifyDepth 10
  <If "%{REMOTE_ADDR} -ipmatch '192.168.0.0/24'">
    SSLProxyMachineCertificateFile /etc/pki/tls/certs/example.com.cer
    SSLProxyCACertificateFile	   /etc/pki/tls/certs/ca.cer
  </If>
  <Else>
    SSLProxyMachineCertificateFile /etc/pki/tls/certs/example.org.cer
    SSLProxyCACertificateFile	   /etc/pki/tls/certs/ca.cer
  </Else>

  RewriteEngine On
  RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [NC,P]

  ProxyPreserveHost On
  ProxyPass            /  https://$1/
  ProxyPassReverse     /  https://$1/ <https://$1/>
</VirtualHost>

But I’m getting the following error when I start the httpd service:
Starting httpd: AH00526: Syntax error on line 8 of /opt/rh/httpd24/root/etc/httpd/conf.d/forward_ssl_proxy.conf:
SSLProxyMachineCertificateFile not allowed here
                                                           [FAILED]

Can someone help me how to achieve my goal by using the correct certificate based on destination
address?

With kind regards,

Abdelouahed
Mime
View raw message