On October 1, 2012 9:17, Tom Browder <[email protected]> wrote:
> Inside the restricted area I have:
> SSLVerifyClient require
> The reason I do that is to log access by my clients even though they
> don't attempt to enter the restricted area.
> I have found that the configuration doesn't restrict CGI programs at
> all as I have them placed

Then something weird is going on. "SSLVerifyClient require" should
prevent any client from accessing the CGI programs unless it has a valid
certificate. I suggest using mod_info to check how various directives
are actually being combined by the web server, and make sure that the
configuration is what you think it is.

If that fails, try posting the relevant sections of the configuration
here, including the Alias / ScriptAlias directives, the Directory stanza
for the directory where the CGI programs reside (I'm assuming you're not
using Location), the directives inside the Directory stanza, and then
the URL that, when a client requests it, results in access being granted
despite the client not presenting a certificate.
--
Mark Montague
[email protected]
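
One way to run the check suggested above offline, as an added example that is not part of the original message: a simplified Python script that reads a configuration and reports which SSLVerifyClient value is in effect for each ScriptAlias directory. The sample configuration and its paths are constructed, and the script only models server-level and `<Directory>` settings (Location, virtual hosts and .htaccess are ignored).

```python
import re
from pathlib import PurePosixPath

# Constructed sample configuration (not the poster's actual config).
SAMPLE_CONF = """
SSLVerifyClient optional
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
ScriptAlias /private/cgi/ "/var/www/restricted/cgi/"
<Directory "/var/www/restricted">
    SSLVerifyClient require
</Directory>
<Directory "/var/www/cgi-bin">
    Options +ExecCGI
</Directory>
"""

def effective_verify(conf):
    """Map each ScriptAlias directory to the SSLVerifyClient value in effect."""
    default, current = "none", None   # mod_ssl's default is "none"
    dirs, script_dirs = {}, []
    for raw in conf.splitlines():
        line = raw.strip()
        if m := re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I):
            current = PurePosixPath(m.group(1))
            dirs.setdefault(current, None)
        elif re.match(r'</Directory>', line, re.I):
            current = None
        elif m := re.match(r'SSLVerifyClient\s+(\S+)', line, re.I):
            if current is None:
                default = m.group(1).lower()      # server-level setting
            else:
                dirs[current] = m.group(1).lower()
        elif m := re.match(r'ScriptAlias\s+\S+\s+"?([^"\s]+)"?', line, re.I):
            script_dirs.append(PurePosixPath(m.group(1)))
    result = {}
    for target in script_dirs:
        value = default
        # Sections merge shortest path first: the longest enclosing stanza that sets it wins.
        for d in sorted(dirs, key=lambda p: len(p.parts)):
            if dirs[d] and (d == target or d in target.parents):
                value = dirs[d]
        result[str(target)] = value
    return result

if __name__ == "__main__":
    for path, value in effective_verify(SAMPLE_CONF).items():
        flag = "" if value == "require" else "  <-- reachable without a client certificate"
        print(f"{path}: SSLVerifyClient {value}{flag}")
```

In the constructed sample, the CGI directory outside the restricted tree inherits the server-level `optional` setting, which is the kind of mismatch mod_info would also reveal on a live server.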