Re: [mod-security-users] How to "whitelist" browsers that use a valid client certificate
Brought to you by:
victorhora,
zimmerletw
From: Josh Amishav-Z. <ja...@gm...> - 2012-12-11 14:04:33
|
On Tue, Dec 11, 2012 at 3:57 PM, Christian Folini < chr...@ti...> wrote: > > Did not Paul ask to whitelist those clients (browsers?) that have > a valid client cert? If he delegates the checking of the cert to mod_ssl, > then he should be able to use SSL_CLIENT_VERIFY (values: NONE, SUCCESS, > GENEROUS or > FAILED:reason) and disable the rule engine based on that. > > Agreed, SSL_CLIENT_VERIFY is better environment variable to check. Thanks Christian, -- - Josh > regs, > > Christian > > > -- > I wanted you to see what real courage is, instead of getting the idea > that courage is a man with a gun in his hand. It's when you know you're > licked before you begin, but you begin anyway and see it through no > matter what. > -- Harper Lee > |