[thelist] secure site management

klute soundres9 at yahoo.com
Tue Jun 17 14:22:42 CDT 2003


if you are using ssl-enabled apache, you can require
client certs by different locations of your site in
the following way:

    <Location "/fred">
      SSLVerifyClient require
      SSLVerifyDepth  10
      SSLOptions +StdEnvVars +ExportCertData
    </Location>
    <Location "/alex">
      SSLVerifyClient require
      SSLVerifyDepth  10
      SSLOptions +StdEnvVars +ExportCertData
    </Location>

you can also define which client certs are able to
access certain Locations. the example below is copied
from the default mod_ssl config:

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

hope this helps,
james

--- george donnelly <list at zettai.net> wrote:
> hi all
> 
> I need to have certain people have secure access via http to manage
> different parts of a website. I know I can do this with passwords and SSL
> but I'm wondering if anyone knows about anything a step up from this, eg
> using a cert to authenticate someone?
> 
> tia
> 
> <-->
> george donnelly - http://www.zettai.net/ - "We Love Newbies" :)
> Zope Hosting - Dynamic Website Design - Search Engine Promotion
> Yahoo, AIM: zettainet - MSN: zettainet at hotmail.com - ICQ: 51907738
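
A variant of the per-location setup in the reply above in which each path accepts only its own manager's certificate, written for this page as an added example and not taken from the original post or the mod_ssl distribution. The file paths, the private CA, and the subject values ("Example Site Admins", "fred", "alex") are assumptions.

```apache
# Added example: paths and certificate subject values are constructed placeholders.
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile    /etc/apache/ssl/server.crt
    SSLCertificateKeyFile /etc/apache/ssl/server.key

    # Trust only a private CA that you operate for site managers.
    # Matching on subject fields is only meaningful when you control
    # who can be issued a certificate carrying those fields.
    SSLCACertificateFile  /etc/apache/ssl/site-admin-ca.crt

    <Location "/fred">
        # Refuse plain HTTP for this path.
        SSLRequireSSL
        SSLVerifyClient require
        # Depth 1: the client cert must be signed directly by the CA above.
        SSLVerifyDepth  1
        # StrictRequire keeps a failed SSLRequire a hard 403 even if
        # "Satisfy any" is configured elsewhere.
        SSLOptions +StdEnvVars +StrictRequire
        # A valid cert alone is not enough: it must be fred's.
        SSLRequire %{SSL_CLIENT_S_DN_O}  eq "Example Site Admins" \
               and %{SSL_CLIENT_S_DN_CN} eq "fred"
    </Location>

    <Location "/alex">
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth  1
        SSLOptions +StdEnvVars +StrictRequire
        SSLRequire %{SSL_CLIENT_S_DN_O}  eq "Example Site Admins" \
               and %{SSL_CLIENT_S_DN_CN} eq "alex"
    </Location>
</VirtualHost>
```

Without the SSLRequire lines, any certificate that verifies against the configured CA would be accepted at both paths.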

