Hi
I'm new to mod_ssl, and I have a question regarding the use of SSLRequire. I am using
Apache 1.3.6, mod_ssl 2.3.5, and PHP 3.0.8 on Redhat Linux 6.0.
I have looked through the manual, FAQ, the Howto, and tried searching through the
mailing list archives but I haven't found a solution. I have a protected section on
my website caled /protected. For local Intranet address, I would like to be able to
get access using normal HTTP. For Internet requests, HTTPS must be used. In effect,
I would like:
<Directory "/home/httpd/htdocs/protected">
If REMOTE_ADDR =~ 192.168.0.*
then Allow
else SSLRequireSSL
</Directory>
Looking at the example httpd.conf, I came up with this:
<Directory "/home/httpd/htdocs/protected">
SSLRequire %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
or %{REMOTE_ADDR} =~ m/^192\.168\.0\.[0-9]{1,3}$/
</Directory>
It doesn't work, as anyone can get access using http://myhost/protected. Does anyone
have any ideas, or can point me to some more reading.
Thanks,
Ying
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
