I have the following configuration (beside a ReverseProxy entry) to force clients to deliver a client certificate:

<Location /SSLTest/>
        SSLVerifyClient require
        SSLVerifyDepth 2
        SSLRequireSSL
        SSLOptions +OptRenegotiate
        SSLCipherSuite HIGH
        SSLRequire %{SSL_CLIENT_S_DN_OU} eq "MyClientX"
</Location>

How can I disable this requirement for several IPs? I tried different variants with SetEnvIf like

SetEnvIf Remote_addr 192.168.1.46 is_internal 

and added a <IfDefine !is_internal>

around the Location, but this seems to be parsed on apache startup only. Is there a way around rewrite rules?

I'm using Apache 2.2 on Linux.

Thx in advance

zero_r

1 Answer


Sorry, can't be done. No hooks for it.

The nearest thing would be having /SSLTest/Internal and /SSLTest/External, and rewriting /SSLTest to one or the other based on client IP.

chaos
  • Ok, thanks for the answer. Those are good ideas, but kind of like only workarounds. I think I have to go with different virtualhosts for internal/external. – zero_r Jun 04 '09 at 13:43
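
The Internal/External split suggested in the answer, written out as an added example for Apache 2.2 (not code from the question or the answer). It assumes mod_rewrite and mod_proxy are loaded in the SSL virtual host; `backend.example` is a placeholder for the real ReverseProxy target, and 192.168.1.46 is the address from the question.

```apache
RewriteEngine On

# Internal client: route to the branch without client-certificate checks.
# Requests that already name a branch are left alone.
# For several IPs, extend the pattern, e.g. ^192\.168\.1\.(46|47)$
RewriteCond %{REQUEST_URI} !^/SSLTest/(Internal|External)/
RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.46$
RewriteRule ^/SSLTest/(.*)$ /SSLTest/Internal/$1 [PT,L]

# Everyone else is routed to the branch that demands a certificate.
RewriteCond %{REQUEST_URI} !^/SSLTest/(Internal|External)/
RewriteRule ^/SSLTest/(.*)$ /SSLTest/External/$1 [PT,L]

# Both branches map to the same backend path (placeholder host).
ProxyPass        /SSLTest/Internal/ http://backend.example/SSLTest/
ProxyPassReverse /SSLTest/Internal/ http://backend.example/SSLTest/
ProxyPass        /SSLTest/External/ http://backend.example/SSLTest/
ProxyPassReverse /SSLTest/External/ http://backend.example/SSLTest/

<Location /SSLTest/Internal/>
    SSLRequireSSL
    # The rewrite only chooses a default branch. Without this IP restriction
    # any client could request /SSLTest/Internal/ directly and skip the
    # certificate check. Add one "Allow from" line per internal address.
    Order deny,allow
    Deny from all
    Allow from 192.168.1.46
</Location>

<Location /SSLTest/External/>
    # Same directives as the original <Location /SSLTest/> block.
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLRequireSSL
    SSLOptions +OptRenegotiate
    SSLCipherSuite HIGH
    SSLRequire %{SSL_CLIENT_S_DN_OU} eq "MyClientX"
</Location>
```

If another proxy or load balancer sits in front of this server, `REMOTE_ADDR` is that device's address, so the IP match and the `Allow from` line would then apply to the proxy rather than to the real client.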