I frobbed a good deal more. I determined that:
If SSLEngine is on in a VirtualHost and there's no mod-rewrite, then apache
does not accept http requests.
However, if mod-rewrite is proxying internally, then apache accepts
both http and https. I'm not really sure why. Is this a bug?
The end result was that I did:
# allow only https requests
RewriteCond %{HTTPS} ^on$
RewriteRule /(.*) http://localhost:8888/%{SSL_CLIENT_S_DN_Email} [P]
# otherwise forbid
RewriteRule /.* / [F]
and that http clients get a 403 saying:
You don't have permission to access /mod_ssl:error:HTTP-request on this server.
seph
Reference:
seph <[EMAIL PROTECTED]> writes:
> I'm trying to create a virtual server that listens on a given port,
> then proxies to another. I'm doing this using rewrite. it works
> well. However, I'd like only ssl clients to be able to access this
> virtual server. As it stands apache allows both http and https
> methods. As RequireSSL isn't allowed, I'm not sure how to do
> this. anyone know?
>
> from my apache config:
>
> listen 8988
> <VirtualHost 10.0.0.24:8988>
> ServerAdmin [EMAIL PROTECTED]
>
> SSLEngine on
> SSLCertificateFile /etc/apache/ssl.pem/div.auctionflow.com.pem
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> SSLVerifyClient require
> SSLVerifyDepth 5
>
> SSLCACertificateFile /etc/apache/ca.crt
>
> RewriteEngine On
> RewriteRule /(.*) http://10.0.0.24:8888/%{SSL_CLIENT_S_DN_Email} [P]
>
> </VirtualHost>
>
>
> seph
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
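A check for the setup described in this thread, added here as an example and not code from the thread: it sends one cleartext HTTP request to the SSL port and classifies the reply, so a configuration that still proxies plain HTTP is caught. The function names, result labels and sample replies are constructed for illustration.

```python
import socket

# String that appears in the 403 text quoted in the message above.
MODSSL_MARKER = b"mod_ssl:error:HTTP-request"

def classify_cleartext_reply(raw: bytes) -> str:
    """Classify the bytes a server returned to a plain-HTTP request."""
    if not raw.startswith(b"HTTP/"):
        return "no-http-reply"            # closed, reset, or TLS alert bytes
    status_line = raw.split(b"\r\n", 1)[0].split()
    if len(status_line) < 2 or not status_line[1].isdigit():
        return "no-http-reply"
    status = int(status_line[1])
    if status == 403 and MODSSL_MARKER in raw:
        return "rejected-with-modssl-marker"   # the 403 the post reports
    if status >= 400:
        return "rejected"
    return "accepted-over-cleartext"      # 2xx/3xx: plain HTTP was not refused

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send one cleartext GET to host:port and classify the reply."""
    request = b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"
    chunks = []
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except OSError:
        pass                              # classify whatever arrived, if anything
    return classify_cleartext_reply(b"".join(chunks))

# Constructed sample replies (not captured from a real server).
SAMPLE_FORBIDDEN = (
    b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
    b"You don't have permission to access "
    b"/mod_ssl:error:HTTP-request on this server.")
SAMPLE_PROXIED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nbackend page"
SAMPLE_TLS_ALERT = b"\x15\x03\x01\x00\x02\x02\x0a"

if __name__ == "__main__":
    for name, raw in [("forbidden", SAMPLE_FORBIDDEN),
                      ("proxied", SAMPLE_PROXIED),
                      ("tls-alert", SAMPLE_TLS_ALERT)]:
        print(name, "->", classify_cleartext_reply(raw))
```

Run `probe()` against the listener after each configuration change; any result of `accepted-over-cleartext` means the proxy rule is still answering plain HTTP.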