Hello, I have to deploy experimental web services and to limit their access to a limited (but varying) list of people (well, computers). The web services are developed in C++ using gsoap.
The solution used is to hide the services behind an Apache server using mod_proxy to redirect queries to the services. The authentication is handled through mod_ssl asking to present a certificate and filtering users on their DN. Everything works but I'm not administrator of the Apache server. Thus, I cannot edit myself the virtual host SSLRequire definition. I have to ask to the administrator through a somewhat long process. We think that we could place the SSLRequire in a .htaccess of a folder I would have the rights on, the mod_proxy handled folders being subfolders of this one. The problem here is that the proxying is applied before the SSL certificate verification. Is there a way to allow me to modify the authorized certificates list without having full administrative rights ? Thanks in advance. Regards, Gaël PS: below are some parts of my configuration files mod_proxy.conf ProxyPass /a/service http://localhost:10001/ /etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf SSLVerifyClient require SSLVerifyDepth 10 a/.htaccess SSLRequireSSL SSLRequire ( %{SSL_CLIENT_S_DN_CN} =~ m/MY CN/ ) -- Gael de Chalendar CEA-LIST Centre de Fontenay-aux-Roses Laboratoire d'Ingénierie de la Connaissance Multimédia Multilingue (LIC2M) (Multimedia and Multilingual Knowledge Engineering Laboratory) Bat. 38-2 ; 18, rue du Panorama ; BP 6 92265 Fontenay aux Roses Cedex ; France Tél.:01.46.54.80.18 ; Fax.:01.46.54.75.80 Email : [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]
