On 07/12/2019 12:55 AM, Graham Leggett wrote:
> Hi all,
>
> I am having an odd case where my reading of the docs and httpd itself aren’t
> matching and I’m stumped as to why.
>
> I have a config like this (unrelated directives chopped for clarity):
>
> SSLVerifyClient optional
> <Location /jira>
> <If "%{SSL_CLIENT_VERIFY} == 'SUCCESS' || %{SSL_CLIENT_VERIFY} ==
> 'GENEROUS’">
> # cert + group member? you can come in
> require ldap-group xxx
> </If>
> <Else>
> # no cert, go away
> require all denied
> </Else>
> </Location>
> <LocationMatch
> ^\/jira\/servicedesk\/customer\/portal\/3\/(.+)\/unsubscribe(.*)>
> # cert or no cert, let them in
> require all granted
> </LocationMatch>
>
Given Erics comments, what about:
SSLVerifyClient optional
<Location /jira>
<If "%{REQUEST_URI}
=~'^\/jira\/servicedesk\/customer\/portal\/3\/(.+)\/unsubscribe(.*)'>
require all granted
</If
<ElseIf "%{SSL_CLIENT_VERIFY} == 'SUCCESS' || %{SSL_CLIENT_VERIFY} ==
'GENEROUS’">
# cert + group member? you can come in
require ldap-group xxx
</ElseIf>
<Else>
# no cert, go away
require all denied
</Else>
</Location>
Regards
Rüdiger
