Re: SSLRequire problem

2009-11-20 Thread David Rosenstrauch

On 11/20/2009 04:50 AM, Joe Orton wrote:
> On Thu, Nov 19, 2009 at 03:19:00PM -0500, David Rosenstrauch wrote:
>> Hi.  I'm tearing my hair out over an SSLRequire directive that doesn't
>> seem to be working.  Can anyone help?
>>
>> The directive is actually quite simple:
>>
>>    # Require SSL over non-obvious port 81 for SVN access
>>    SSLRequire %{SERVER_PORT} == 81
>
> The port which %{SERVER_PORT} expands to is determined by the settings
> of UseCanonicalPhysicalPort and UseCanonicalName.  For different
> combinations it will depend on either what the client sends in the
> request's Host header, what the ServerName directive is set to in the
> vhost, or what httpd derives as the "canonical" name for the vhost to be
> otherwise.
>
> See docs for more info:
>
> http://httpd.apache.org/docs/2.2/mod/core.html#usecanonicalname
> http://httpd.apache.org/docs/2.2/mod/core.html#usecanonicalphysicalport
>
> Regards, Joe


Huh!  Never heard of those before!

OK, well, I'm still not sure I quite understand the reason why, but 
"UseCanonicalPhysicalPort on" does seem to have fixed the problem.


Thanks much for the help!

DR
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [email protected]
Automated List [email protected]
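
Added example (not part of the thread and not httpd source): a small Python model of the port lookup order given in the UseCanonicalPhysicalPort documentation linked above, applied to the thread's `SSLRequire %{SERVER_PORT} == 81` expression. The function names, parameters and case data are constructed for illustration and are not taken from David's server.

```python
# Model of how httpd 2.2 chooses the port behind %{SERVER_PORT}, following the
# ordering in the UseCanonicalPhysicalPort documentation. Names are hypothetical.

def server_port(use_canonical_name, use_canonical_physical_port,
                host_header_port, servername_port, physical_port,
                default_port=443):
    """Return the first available port in the documented lookup order.

    use_canonical_name: "On", "Off" or "DNS"
    use_canonical_physical_port: True for On, False for Off
    host_header_port: port parsed from the client's Host header, or None
    servername_port: port given in the vhost's ServerName, or None
    physical_port: local port the connection arrived on
    default_port: scheme default (443 for https)
    """
    # UseCanonicalPhysicalPort Off removes the physical port from the ordering.
    phys = [physical_port] if use_canonical_physical_port else []
    if use_canonical_name == "On":
        order = [servername_port] + phys
    else:  # Off or DNS: the client-supplied Host header port comes first
        order = [host_header_port] + phys + [servername_port]
    order.append(default_port)
    return next(p for p in order if p)


def ssl_require_port_81(**kw):
    """Evaluate the thread's expression: SSLRequire %{SERVER_PORT} == 81."""
    return server_port(**kw) == 81


# Constructed cases: SSL vhost listening on port 81, ServerName without a port.
CASES = {
    "Host header carries :81": dict(host_header_port=81),
    "Host header has no port": dict(host_header_port=None),
}


def evaluate(use_canonical_physical_port):
    """Result of the SSLRequire check per case with UseCanonicalName Off."""
    return {name: ssl_require_port_81(
                use_canonical_name="Off",
                use_canonical_physical_port=use_canonical_physical_port,
                servername_port=None, physical_port=81, **case)
            for name, case in CASES.items()}


if __name__ == "__main__":
    for setting in (False, True):
        print("UseCanonicalPhysicalPort", "On" if setting else "Off",
              evaluate(setting))
```

With `UseCanonicalName Off`, a port in the Host header is still consulted before the physical port, so `%{SERVER_PORT}` reflects the listening socket only when the header carries no port.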


Re: SSLRequire problem

2009-11-20 Thread Joe Orton
On Thu, Nov 19, 2009 at 03:19:00PM -0500, David Rosenstrauch wrote:
> Hi.  I'm tearing my hair out over an SSLRequire directive that doesn't  
> seem to be working.  Can anyone help?
>
> The directive is actually quite simple:
>
>    # Require SSL over non-obvious port 81 for SVN access
>    SSLRequire %{SERVER_PORT} == 81

The port which %{SERVER_PORT} expands to is determined by the settings 
of UseCanonicalPhysicalPort and UseCanonicalName.  For different 
combinations it will depend on either what the client sends in the 
request's Host header, what the ServerName directive is set to in the 
vhost, or what httpd derives as the "canonical" name for the vhost to be 
otherwise.

See docs for more info:

http://httpd.apache.org/docs/2.2/mod/core.html#usecanonicalname
http://httpd.apache.org/docs/2.2/mod/core.html#usecanonicalphysicalport

Regards, Joe


SSLRequire problem

2009-11-19 Thread David Rosenstrauch
Hi.  I'm tearing my hair out over an SSLRequire directive that doesn't 
seem to be working.  Can anyone help?


The directive is actually quite simple:

   # Require SSL over non-obvious port 81 for SVN access
   SSLRequire %{SERVER_PORT} == 81

This is actually working fine when the client is a web browser.  (i.e., 
using HTTPD method GET).


But the server is actually hosting Subversion (via WebDAV), so the 
client is an SVN client (which uses HTTP methods OPTIONS, PROPFIND, and 
REPORT).  And when the URL is accessed that way it fails, with the 
following appearing in the log:


[Thu Nov 19 19:37:53 2009] [error] [client ] access to 
 failed, reason: SSL requirement expression not fulfilled 
(see SSL logfile for more details)


Even when I crank up the debugging, I still don't get any useful info as 
to what's happening:


[Thu Nov 19 19:37:53 2009] [info] Failed expression: %{SERVER_PORT} == 81

Anyone have any idea what's going on here?  Is there any way to debug 
the SSLRequire expression?


I'm using mod_ssl 2.2.3 with Apache on CentOS 5.2.

Thanks,

DR