Hi,

I have Apache asking for x509 client certificates. I am trying to proxypass the
original request to multiple locations based on the result of the client
authentication:

If successfully authenticated, proxypass to authserver.
If not, proxypass to noauthserver.

I've tried a lot of configurations but none works; sometimes I have recursion
problems, in other configurations I get 404 errors. Help!

For example, the example below gives 404 errors and never gets redirected to
any server.

I had to create the /var/www/html/auth and /var/www/html/noauth folders, but I
would prefer not to create anything here if possible at all.

Can you propose any solution?

Thanks
Luis

NSSVerifyClient optional

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite.log"
RewriteLogLevel 9

RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteRule ^(.*)$ /noauth$1 [L]

RewriteCond %{SSL:SSL_CLIENT_VERIFY} =SUCCESS
RewriteRule ^(.*)$ /auth$1 [L]

<Location /noauth>
    ProxyPass http://noauthserver/
    ProxyPassReverse http://noauthserver/
</Location>

<Location /auth>
    NSSVerifyClient require
    RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
    RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s"
    RequestHeader set SSL_CLIENT_S_DN_O "%{SSL_CLIENT_S_DN_O}s"
    RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
    ProxyPass http://authserver/
    ProxyPassReverse http://authserver/
</Location>
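
One way to get the routing described above without the /auth and /noauth folders, as an added example that is not part of the original post: in virtual-host context a RewriteRule without [PT] maps its target to a file path, so the ProxyPass lines inside the Location blocks never see the rewritten URL, whereas the [P] flag hands the request straight to mod_proxy. It assumes mod_rewrite, mod_proxy, mod_proxy_http and mod_headers are loaded, that mod_nss exposes the SSL variables the post already uses, and the variable name CERT_OK is made up for the example.

```apache
# Added example, not the poster's configuration.
# Ask for a client certificate but let the handshake finish without one.
NSSVerifyClient optional

RewriteEngine on

# Verified certificate: proxy to authserver and flag the request (CERT_OK is
# a hypothetical name). [P] proxies directly, so no /auth folder is needed.
RewriteCond %{SSL:SSL_CLIENT_VERIFY} =SUCCESS
RewriteRule ^/(.*)$ http://authserver/$1 [P,E=CERT_OK:1]

# Every other request (no certificate, or verification failed) falls through
# to this rule, because [P] stops rule processing for requests matched above.
RewriteRule ^/(.*)$ http://noauthserver/$1 [P]

# Drop any client-supplied copies of the identity headers first, so a backend
# never receives values the proxy did not produce.
RequestHeader unset SSL_CLIENT_S_DN
RequestHeader unset SSL_CLIENT_I_DN
RequestHeader unset SSL_CLIENT_S_DN_O
RequestHeader unset SSL_CLIENT_VERIFY

# Re-add them from the TLS session only for requests flagged as verified.
RequestHeader set SSL_CLIENT_S_DN   "%{SSL_CLIENT_S_DN}s"   env=CERT_OK
RequestHeader set SSL_CLIENT_I_DN   "%{SSL_CLIENT_I_DN}s"   env=CERT_OK
RequestHeader set SSL_CLIENT_S_DN_O "%{SSL_CLIENT_S_DN_O}s" env=CERT_OK
RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s" env=CERT_OK

# Rewrite Location headers in backend responses back to this host.
ProxyPassReverse / http://authserver/
ProxyPassReverse / http://noauthserver/
```

Since authserver trusts these headers, it should accept connections only from this proxy; a client that can reach it directly can set them itself.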