conditional ssl_verify_client
December 04, 2016 06:42PM
Hi,

Could someone to help me to understand how to enable `ssl_verify_client` conditionally? Is it possible to do this? I need to enable client certificate verification only for requests from outside of our intranet and no need to do verification for request from, for example, 192.168.0.0/24.

I tried use geo module to define variable for internal subnet

geo $intranet {
default 0;
192.168.0.0/24 1;
}

if ($intranet != 1) {
ssl_verify_client on;
}

but it is impossible to use `ssl_verify_client` directive inside 'if' statement. I get an error:

"ssl_verify_client" directive is not allowed here

Is there other way to do this?

Thanks.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 234
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready