Apache + modSSL + errorDoc
Hello,
I've got a little problem with my error docs with SSL. Let me explain.
Here is the structure of my test website:
www
\--docs
\--errors
I set up SSL with self-signed certs. It works OK. Now, I want to
authenticate users with certs.
It also works. When the user cert is not the one I expect, it says 403.

When I want to customize my 403.txt message, I use
ErrorDocument 403 /errors/403.txt
but it doesn't work, and it answers that an error occurred when processing the
ErrorDocument directive. In the logs: "failed, reason: SSL requirement
expression not fulfilled (see SSL logfile for more details)"
In case you need it, here is my config:
<VirtualHost *:443>
ServerAdmin xxxx@xxxxx
DocumentRoot /www
ServerName doff.servebeer.com
ErrorLog logs/www-log
LogFormat "%a %h %t %u \"%r\" %>s %b %X %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CLIENT_S_DN}x" custom
CustomLog logs/doff.servebeer.com-log custom
# SSL mode
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /disk/sites/CERTS/www.crt
SSLCertificateKeyFile /disk/sites/CERTS/www.key
SSLCACertificateFile /disk/sites/CERTS/ca.crt
SSLVerifyClient optional
SSLOptions StdEnvVars OptRenegotiate
SSLCACertificatePath /disk/sites/CERTS/valid/
SSLCARevocationPath /disk/sites/CERTS/revoqued/
SSLVerifyDepth 1
ErrorDocument 403 /errors/403.txt
<Directory /www>
SSLRequire %{SSL_CLIENT_I_DN} =~ m/CN=MY_CN/
Options Indexes
</Directory>
# Error pages
<Directory /www/errors>
SSLOptions +FakeBasicAuth
SSLVerifyClient none
Options Indexes
AllowOverride all
Order Allow,Deny
Allow from all
Satisfy any
</Directory>
</VirtualHost>
So, my question is: is it possible to have complete site access with
user certs, EXCEPT one subdirectory, that shows errors in case you don't
have a user cert?
Thanks in advance.

jinojohn 2006-08-24, 8:20 am
Hi,
I have also faced the same problem with one of my applications that is hosted on Apache 2.2. What I did was to include a rewrite condition to check the status of SSL_CLIENT_VERIFY, as follows:
RewriteCond %{SSL:SSL_CLIENT_VERIFY} ^NONE$
RewriteRule !/www/errors /www/errors/403.txt [R]
Remember, in the above case you do not need to share your err dir separately.
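
Added example, not part of the original thread: one way to get the behaviour the first post asks for on Apache 2.2, assuming all certificate-protected content lives under /www/docs (paths and names are taken from the posted config). The posted Directory section for /www also covers /www/errors, so the internal request for /errors/403.txt is tested against the same SSLRequire expression; scoping the requirement to /www/docs leaves the error directory readable.

```apache
# Added example for Apache 2.2 + mod_ssl; paths follow the poster's layout.
<VirtualHost *:443>
    DocumentRoot /www
    ServerName doff.servebeer.com

    SSLEngine on
    SSLCertificateFile    /disk/sites/CERTS/www.crt
    SSLCertificateKeyFile /disk/sites/CERTS/www.key
    SSLCACertificateFile  /disk/sites/CERTS/ca.crt

    # "optional" lets a client without a certificate complete the handshake,
    # so the server can answer it with an HTTP 403 page.
    SSLVerifyClient optional
    SSLVerifyDepth 1

    ErrorDocument 403 /errors/403.txt

    # Before (from the thread): the requirement sits on /www, so it is
    # inherited by /www/errors and the request for /errors/403.txt is
    # refused as well. The SSLVerifyClient none and Satisfy any lines in
    # the posted /www/errors section did not lift it.
    #<Directory /www>
    #    SSLRequire %{SSL_CLIENT_I_DN} =~ m/CN=MY_CN/
    #</Directory>

    # After: require the certificate only where the protected content is.
    # Assumption: everything that needs a client cert lives under /www/docs.
    <Directory /www/docs>
        SSLRequire %{SSL_CLIENT_I_DN} =~ m/CN=MY_CN/
        Options Indexes
    </Directory>

    # No SSLRequire applies to this directory, so any client can read
    # the error page.
    <Directory /www/errors>
        Options None
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>
```

In this layout, files placed directly in /www (outside docs) are not covered by the certificate check.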