I was once rumoured to have written:
> SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 and %{SSL_CLIENT_VERIFY} eq "SUCCESS" )
>
> # Allow any of certs, network access or basic auth
> Satisfy any
>
> # Network Access Control
> Order deny,allow
> Deny from all
> Allow from 127.0.0.1
> Allow from 199.85.99.0/24
FWIW, I just figured out that if I move the network access control into
the SSLRequire line, then I get my desired behaviour:
SSLRequire (( %{SSL_CIPHER_USEKEYSIZE} >= 128 \
    and %{SSL_CLIENT_VERIFY} eq "SUCCESS" ) \
    or ( %{REMOTE_ADDR} =~ m/^(127\.0\.0\.1|199\.85\.99\.[0-9]+)$/ ))
It's better than nothing, I guess :-)
--
Harald Koch <[EMAIL PROTECTED]>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
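
An added check, not part of the original post: it compares a REMOTE_ADDR regex of this shape against the intended allowlist (127.0.0.1 and 199.85.99.0/24), with the alternation written without and with a group around it. It assumes Python's re module behaves like the server's regex engine for these constructs; the sample addresses are constructed.

```python
import ipaddress
import re

# Intended allowlist from the post: one loopback host and one /24.
ALLOWED = [ipaddress.ip_network("127.0.0.1/32"),
           ipaddress.ip_network("199.85.99.0/24")]

# Alternation without a group parses as
#   (^127\.0\.0\.1)  |  (199\.85\.99\.[0-9]+$)
# so each anchor applies to only one alternative.
UNGROUPED = r"^127\.0\.0\.1|199\.85\.99\.[0-9]+$"
# Same alternatives inside a group: both anchors apply to both.
GROUPED = r"^(127\.0\.0\.1|199\.85\.99\.[0-9]+)$"

# Constructed sample client addresses (not taken from any log).
SAMPLES = ["127.0.0.1", "127.0.0.10", "127.0.0.199", "199.85.99.0",
           "199.85.99.254", "199.85.98.7", "10.1.2.3", "::1"]


def intended(addr):
    """True when addr is inside the intended allowlist."""
    ip = ipaddress.ip_address(addr)
    # Membership is False when the address and network versions differ.
    return any(ip in net for net in ALLOWED)


def mismatches(pattern, samples=SAMPLES):
    """Return (addr, regex_allows, intended_allows) where the two disagree."""
    rx = re.compile(pattern)
    out = []
    for addr in samples:
        got, want = bool(rx.search(addr)), intended(addr)
        if got != want:
            out.append((addr, got, want))
    return out


if __name__ == "__main__":
    for name, pat in (("ungrouped", UNGROUPED), ("grouped", GROUPED)):
        print(name, mismatches(pat))
```

The two addresses the ungrouped form also accepts here are still loopback addresses; they are simply outside the single host the rule names.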