Welcome! Log In Create A New Profile

Advanced

Having trouble converting this Apache directive

Posted by dfelicia 
Having trouble converting this Apache directive
April 05, 2012 09:00PM
Apache:

Alias /w3pw "/var/www/default/foo"
<Directory "/var/www/default/foo/">
SSLOptions +StrictRequire +OptRenegotiate
SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
and %{SSL_CLIENT_VERIFY} eq "SUCCESS" \
and %{SSL_CLIENT_S_DN_Email} eq "my_email@my_domain" \
and %{SSL_CIPHER_USEKEYSIZE} >= 128 )
SSLRequireSSL
Options -Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Basically all I want to do is forbid access to /foo/index.php if client cert doesn't have what I am looking for. I have tried:

location ~ ^/w3pw/ {
if ($ssl_client_s_dn !~ "/CN=CAcert WoT User/emailAddress=my_email@my_domain") {
return 403;
}
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}

The problem is that on success the php request is not passed on to the upstream php-fpm server. Instead, index.php gets served as a download.
Re: Having trouble converting this Apache directive
April 06, 2012 09:10AM
Ended up just passing $ssl_client_raw_cert to fastcgi and writing some PHP to deal with authentication.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 138
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready