Hi, I've read chapter 5 of the modssl docs (the section on Client Authentication and Access Control), but can find quite what I'm looking for. I'm trying to find an easy way to require certificate based authentication to apache only from machines outside our firewall, whereas, those within can authenticate with a username/password pair. I've done this easily enough to qmail with the TLS patch and to imaps via stunnel. If I could get apache w/ modssl to do the same, I'd be set. I don't want to make two different areas of the site (like the "/secure/area" described in the docs) Anyone have a good idea? I suppose potentially I could have a virtual host which those outside could point to, and another inside, but I'd rather not. Users are so hard to train. :-) TIA, Joel ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]