I have a reverse proxy setup with mod_ssl and mod_cache. There are SSLRequire rules that verify particular OIDs are present in a client certificate. What I'm noticing is that once the content is cached the SSLRequire rules are no longer being checked. From the debug logs I can tell that the SSL handshake is indeed still happening.
Is this behavior expected? Is this what the 2.2 caching docs mean when they say mod_cache "drastically changes the security model of Apache"? Details: 64bit RHEL host running httpd-2.2.3-43.el5 (this is the latest version that ships with RHEL 5.5) --Brenton --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
