Hello,
I have to deploy experimental web services and to limit their access to a
limited (but varying) list of people (well, computers). The web services ar=
e
developed in C++ using gsoap.
The solution used is to hide the services behind an Apache server using
mod_proxy to redirect queries to the services.
The authentication is handled through mod_ssl asking to present a certifica=
te
and filtering users on their DN.
Everything works but I'm not administrator of the Apache server. Thus, I
cannot edit myself the virtual host SSLRequire definition. I have to ask to=
the administrator through a somewhat long process.
We think that we could place the SSLRequire in a .htaccess of a folder I wo=
uld
have the rights on, the mod_proxy handled folders being subfolders of this=
one. The problem here is that the proxying is applied before the SSL
certificate verification.
Is there a way to allow me to modify the authorized certificates list witho=
ut
having full administrative rights ?
Thanks in advance.
Regards,
Ga=C3=ABl
PS: below are some parts of my configuration files
mod_proxy.conf
ProxyPass /a/service http://localhost:10001/
/etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf
SSLVerifyClient require
SSLVerifyDepth 10
a/.htaccess
SSLRequireSSL
SSLRequire ( %{SSL_CLIENT_S_DN_CN} =3D~ m/MY CN/ )
=2D-
Gael de Chalendar
CEA-LIST
Centre de Fontenay-aux-Roses
Laboratoire d'Ing=C3=A9nierie de la Connaissance Multim=C3=A9dia Multilingu=
e (LIC2M)
(Multimedia and Multilingual Knowledge Engineering Laboratory)
Bat. 38-2 ; 18, rue du Panorama ; BP 6
92265 Fontenay aux Roses Cedex ; France
T=C3=A9l.:01.46.54.80.18 ; Fax.:01.46.54.75.80
Email : Gael.D.O.T.de-Chalendar.A [at] T.cea.D.O.T.fr
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
