SSL – Allowing users in from an IP address without certificate client authentication

Tags: apache-2.2, certificate, ssl

I need to allow access to my site without SSL certificates from my office network and with SSL certificates outside.

Here is my configuration:

 <Directory /srv/www>
  AllowOverride All

  Order deny,allow
  Deny from all
  # office network static IP
  Allow from xxx.xxx.xxx.xxx

  SSLVerifyClient require
  SSLOptions +FakeBasicAuth
  AuthName "My secure area"
  AuthType Basic
  AuthUserFile /etc/httpd/ssl/index
  Require valid-user
  Satisfy Any

 </Directory>

When I'm inside the network and have a certificate – I can access.
When I'm inside the network and don't have a certificate – I can't access, it requires a certificate.

When I'm outside the network and have a certificate – I can't access, it shows me a basic login screen.
When I'm outside the network and don't have a certificate – I can't access, it shows me a basic login screen.

And the following configuration works perfectly:

 <Directory /srv/www>
  AllowOverride All

  Order deny,allow
  Deny from all
  Allow from xxx.xxx.xxx.xxx

  AuthUserFile /srv/www/htpasswd
  AuthName "Restricted Access"
  AuthType Basic
  Require valid-user
  Satisfy Any

 </Directory>

Best Answer

Here is how I implemented that (xxx.xxx.xxx.xxx: allow access for this address without a cert):

  SSLVerifyClient optional
  SSLOptions -FakeBasicAuth +StrictRequire -StdEnvVars -ExportCertData
  SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

  RewriteEngine on
  RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
  RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.xxx$
  RewriteRule   ^  -  [F]

Note that SSLVerifyClient should NOT be in directory context:

In per-directory context it forces a SSL renegotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
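
The answer's rules placed in a complete Apache 2.2 virtual host, as an added example that is not part of the original answer. The hostname, the certificate paths and the address 203.0.113.10 (documentation range, standing in for the office IP) are placeholders.

```apache
# Added example: hostname, file paths and 203.0.113.10 are placeholders.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /srv/www

    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key
    # CA that issued the client certificates (placeholder path)
    SSLCACertificateFile  /etc/httpd/ssl/client-ca.crt

    # Virtual host context: the client certificate is requested during the
    # initial handshake, so no per-directory renegotiation is forced.
    # "optional" lets office clients connect without presenting a certificate.
    SSLVerifyClient optional
    SSLOptions -FakeBasicAuth +StrictRequire -StdEnvVars -ExportCertData

    RewriteEngine on
    # Answer 403 only when BOTH conditions hold (RewriteCond lines are ANDed):
    #   1. no client certificate was verified (SSL_CLIENT_VERIFY is NONE
    #      when the client sent no certificate) ...
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
    #   2. ... and the peer is not the office address. The pattern is a
    #      regular expression, so the dots are escaped and it is anchored.
    RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
    RewriteRule ^ - [F]

    <Directory /srv/www>
        AllowOverride All
        # No SSLVerifyClient, Auth* or Satisfy here: the rewrite rules above
        # make the access decision, so the directory itself is left open.
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
```

`REMOTE_ADDR` is the address of the TCP peer, so if this virtual host sits behind a reverse proxy or load balancer, the condition compares against the proxy's address rather than the client's.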