http://issues.apache.org/bugzilla/show_bug.cgi?id=42079

           Summary: SSLRequire: Additional access in sub-directories
           Product: Apache httpd-2
           Version: 2.2.4
          Platform: Sun
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: [EMAIL PROTECTED]

Before, I have used both LDAP and User/Group files for regulating access in quite a deep hierarchy of sub-directories. I have had no problems in adding or removing access in any combination that I want.

However, now when I use SSLRequire (and client certificates) I seem to have no way to *add* access as I go down in my hierarchy. E.g.

    <Directory /htdocs/sub1>
        SSLRequire %{SSL_CLIENT_S_DN_C} eq "US"
    </Directory>

    <Directory /htdocs/sub1/sub2>
        SSLRequire %{SSL_CLIENT_S_DN_C} eq "CA"
    </Directory>

A user with a "CA" certificate will not be able to access sub1/sub2/ because he/she has no access in sub1/. I.e. you can only *restrict* access as you go down in the hierarchy, you cannot *add* access. A similar issue was discussed in bug # 41911.

I will call this a bug. Using LDAP or User/Group files this would be perfectly OK to access sub1/sub2/ but still have no access in sub1/.

I have seen this problem reported in other mailing lists as well and one guy suggested to test on REQUEST_URI in addition to the SSL* environment variables. I tried this, but since the number of subdirectories I have is so big, the regular expression got too big (the httpd.conf parser could not parse it).

Any feedback is welcome. Thanks.
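
Added example, not part of the original report and not Apache code: a small Python model of the two evaluation behaviours the report contrasts, plus the shape of the REQUEST_URI workaround it mentions. The function names, the policy tables and the use of filesystem paths in place of REQUEST_URI are assumptions made for illustration.

```python
from pathlib import PurePosixPath

def under(path, directory):
    """True if path lies inside directory (whole path components, not string prefix)."""
    return PurePosixPath(directory) in PurePosixPath(path).parents

# Constructed policy mirroring the report's two <Directory> sections.
# Each predicate receives the certificate country (SSL_CLIENT_S_DN_C) and the path.
REPORTED = {
    "/htdocs/sub1": lambda c, path: c == "US",
    "/htdocs/sub1/sub2": lambda c, path: c == "CA",
}

# Workaround shape from the report: the outer section also tests the request
# location, so it no longer rejects the users the inner section should admit.
WORKAROUND = {
    "/htdocs/sub1": lambda c, path: c == "US"
    or (under(path, "/htdocs/sub1/sub2") and c == "CA"),
    "/htdocs/sub1/sub2": lambda c, path: c == "CA",
}

def sections_for(policy, path):
    """Policy directories that contain path, outermost first."""
    return sorted((d for d in policy if under(path, d)), key=len)

def cumulative(policy, path, country):
    """Behaviour described in the report: every enclosing section's
    requirement must hold, so a subdirectory can only narrow access."""
    return all(policy[d](country, path) for d in sections_for(policy, path))

def innermost(policy, path, country):
    """Behaviour the reporter expected: the deepest enclosing section decides."""
    hits = sections_for(policy, path)
    return not hits or policy[hits[-1]](country, path)

if __name__ == "__main__":
    paths = ["/htdocs/sub1/a.html", "/htdocs/sub1/sub2/index.html"]
    for name, policy in (("reported", REPORTED), ("workaround", WORKAROUND)):
        for path in paths:
            for country in ("US", "CA"):
                print(name, path, country,
                      "cumulative:", cumulative(policy, path, country),
                      "innermost:", innermost(policy, path, country))
```

In this model the reported configuration leaves sub1/sub2/ unreachable for every certificate, because no single country value satisfies both sections.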