在ReverseProxy上下文中切換SSLVerifyClient

這是Apache虛擬主機配置的一部分，將匹配的傳入請求轉發到Apache Tomcat服務器。所有客戶端都必須發送客戶端證書以進行App1身份驗證，但對於App2，它應該是可選的。在ReverseProxy上下文中切換SSLVerifyClient

SSLVerifyClient require 
SSLVerifyDepth 2 
SSLOptions +ExportCertData +StdEnvVars 

ProxyRequests Off 

ProxyPass /app1/services/App01 ajp://localhost:8307/app1/services/App01 
ProxyPass /app1/services/App02 ajp://localhost:8307/app2/services/App02 

<Location /app1/services/App01> 
    ProxyPassReverse ajp://localhost:8307/app2/services/App02 
</Location> 

<Location /app2/services/App02> 
    ProxyPassReverse ajp://localhost:8307/app2/services/App02 
</Location>

那麼是否有切換app2 SSLVerifyClient指令從必需到可選的可能性？

來源

2010-07-30 Alex

閱讀了大量文檔並嘗試了不同的方法後，我找到了解決方案！

把所有代理的指令到位置情況下，SSLVerifyClient指令，這些主機或虛擬主機設置爲可選，並把SSLVerifyClient需要到需要的地方的位置指令。

SSLVerifyClient optional 
SSLVerifyDepth 2 
SSLOptions +ExportCertData +StdEnvVars 

ProxyRequests Off 

<Location /app1/services/App01> 
    SSLVerifyClient require 
    ProxyPass ajp://localhost:8307/app1/services/App01 
    ProxyPassReverse ajp://localhost:8307/app2/services/App02 
</Location> 

<Location /app2/services/App02> 
    ProxyPass ajp://localhost:8307/app2/services/App02 
    ProxyPassReverse ajp://localhost:8307/app2/services/App02 
</Location>

來源

2010-08-02 06:44:27 Alex

在ReverseProxy上下文中切換SSLVerifyClient

回答

相關問題