[thelist] secure site management
klute
soundres9 at yahoo.com
Tue Jun 17 14:22:42 CDT 2003
if you are using ssl-enabled apache, you can require
client certs by different locations of your site in
the following way:
<Location "/fred">
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
</Location>
<Location "/alex">
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
</Location>
you can also define what client certs are able to
access certain Location's. example below is copied
from the default mod_ssl config:
# Access Control:
# With SSLRequire you can do per-directory access
control based
# on arbitrary complex boolean expressions
containing server
# variable checks and other lookup directives. The
syntax is a
# mixture between C and Perl. See the mod_ssl
documentation
# for more details.
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil,
Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff",
"CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <=
5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <=
20 ) \
# or %{REMOTE_ADDR} =~
m/^192\.76\.162\.[0-9]+$/
#</Location>
hope this helps,
james
--- george donnelly <list at zettai.net> wrote:
> hi all
>
> I need to have certain people have secure access via
> http to manage
> different parts of a website. I know i can do this
> with passwords and SSL
> but I'm wondering if anyone knows about anything a
> setup up from this, eg
> using a cert to authenticate someone?
>
> tia
>
> <-->
> george donnelly - http://www.zettai.net/ - "We Love
> Newbies" :)
> Zope Hosting - Dynamic Website Design - Search
> Engine Promotion
> Yahoo, AIM: zettainet - MSN: zettainet at hotmail.com -
> ICQ: 51907738
>
> --
> * * Please support the community that supports you.
> * *
> http://evolt.org/help_support_evolt/
>
> Evolt.org conference in London, July 25-27 2003.
> Register today at http://evolt.org.uk
>
> For unsubscribe and other options, including the Tip
> Harvester
> and archives of thelist go to:
> http://lists.evolt.org
> Workers of the Web, evolt !
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
More information about the thelist
mailing list