2

I want certain Apache directives, like SSLCACertificateFile, to be enabled in some Locations, but disabled in others. For example,

# Require client certificates for http://example.com/secure
<Location "/secure">
    SSLCACertificateFile /path/to/my/file
    SSLVerifyClient requried
</Location>

# Allow access to http://example.com/secure/exception without certificates
<Location "/secure/exception">
    SSLCACertificateFiles none       # doesn't work
    SSLVerifyClient none             # works
</Location>

The documentation doesn't discuss any "off" values for the SSLCACertificateFile directive, though.

Ian Dunn
  • 194
  • 13

2 Answers2

4

If you have SSLVerifyClient turned off, SSLCACertificateFile is completely inactive, there's no reason to do anything further to 'disable' it.

In any case, you can't set SSLCACertificateFile separately in different <Location> blocks - per the documentation, it's only valid in the main server config or the <VirtualHost> context.

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
  • SSLVerifyClient/SSLCACertificateFile was just a specific example of a general problem. – Ian Dunn Dec 10 '12 at 18:15
  • @IanDunn There's no general solution; the solution is different depending on what directive you're trying to disable in what context. – Shane Madden Dec 10 '12 at 18:27
0

To disable options that don't have an on/off option simply comment them out. Just be aware that some options are used in "sets", so you may need to comment out more than one.

John Gardeniers
  • 27,458
  • 12
  • 55
  • 109
  • I don't think you understood the question. I want to disable the options programatically at run-time, based on the Location. See the example in the question. – Ian Dunn Dec 10 '12 at 18:14
  • I think you need to clarify the question. As it stands there is no hint that this needs to be done programmatically, at run time or any other time. – John Gardeniers Dec 11 '12 at 10:04