Complex Access Control with mod_ssl

Previous page
Table of content
Next page

Complex Access Control with mod_ssl

SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}\ and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/


This example shows how to use the SSLRequire directive to implement arbitrary access restrictions based on a number of parameters. As it happens with mod_rewrite, SSLRequire can be complex to configure, but it provides nearly unlimited possibilities. The configuration snippet above checks that

  • The SSL connection does not use an export (weak) cipher or a NULL cipher, the certificate has been issued by a particular CA and for a particular group, and the access takes place during workdays (Monday to Friday) and working hours (8:00 a.m. to 8:00 p.m.).

  • The client comes from an internal, trusted network (as specified by REMOTE_ADDR).

Please refer to the SSLRequire documentation for in-depth information.



Previous page
Table of content
Next page
Apache(c) Phrase Book(c) Essential Code and Commands
Apache Phrasebook
ISBN: 0672328364
EAN: 2147483647
Year: 2006
Pages: 254
Authors: Daniel Lopez, Jesus Blanco
BUY ON AMAZON
Project Management JumpStart
ERP and Data Warehousing in Organizations: Issues and Challenges
The Complete Cisco VPN Configuration Guide
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Mapping Hacks: Tips & Tools for Electronic Cartography
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy