Hello everyone,
I have the following problem:
I need my Apache web server to serve different paths depending on the SSL client certificate the user has in his browser.
Making it simple, when user John makes a request to "http://www.company.com/test_ssl", Apache should serve the contents of "/var/www/test_ssl/john"; when user Tom makes a request, Apache should serve the contents of "/var/www/test_ssl/tom"; and so on.
I (almost) managed to get this to work by using the following configuration:
Code:
SetEnv HTTPS on
SSLProtocol all -SSLv2
SSLCertificateFile /etc/ssl/certs/TERENAPersonalCA.crt
SSLCACertificateFile /etc/ssl/certs/TERENAPersonalCA_bundle.pem
Alias /test_ssl /var/www/test_ssl
<Directory /var/www/test_ssl>
SSLVerifyClient require
SSLVerifyDepth 10
SSLCipherSuite ALL:!ADH:!EXP:!DES:RC4+RSA:+HIGH:+MEDIUM!SSLv2
SSLOptions +StdEnvVars +ExportCertData
SSLUsername SSL_CLIENT_S_DN
RewriteEngine On
RewriteBase /test_ssl
RewriteCond %{SSL:SSL_CLIENT_S_DN}::%{REQUEST_URI} !^(.*)::/test_ssl/\1/(.*)
RewriteRule ^(.*) %{SSL:SSL_CLIENT_S_DN}/$1 [L]
</Directory>
My problem is that I need to use, instead of the full value of the SSL_CLIENT_S_DN server variable, only the user's e-mail address as the personal folder (because the e-mail is the only unique value, even in the case of homonymy of two individuals), so I need my web server to serve stuff like "/var/www/test_ssl/john@company.com", "/var/www/test_ssl/tom@company.com", etc.
And... that e-mail address only appears inside the SSL_CLIENT_S_DN server variable, in this format:
Code:
unstructuredName=john@company.com,CN=John Black,O=COMPANY,C=COM
I tried to add/modify the RewriteRules like this:
Code:
RewriteCond %{SSL:SSL_CLIENT_S_DN}::%{REQUEST_URI} !^(.*)::/test_ssl/\1/(.*)
RewriteRule ^(.*) %{SSL:SSL_CLIENT_S_DN}/$1
RewriteRule ^unstructuredName=(.*),CN - [E=email:$1]
RewriteRule ^(.*)$ %{ENV:email} [L]
and I'm close to the solution, since the web server now gets the request to the right directory (which includes the e-mail), but the browser (Firefox) says:
Quote:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
Seems to be a problem of internal redirection creating a loop... any hint?
Any help would be great! Thanks!!!
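
One way to express the mapping asked about above, as an added example that is not part of the original post and has not been tested against the poster's server. It assumes the subject DN is rendered exactly as in the sample above (comma-separated, with unstructuredName first); CERT_EMAIL is a variable name chosen here for illustration.

```apache
# Added example; CERT_EMAIL is a name chosen here, not a built-in variable.
<Directory /var/www/test_ssl>
    SSLVerifyClient require
    SSLVerifyDepth 10

    RewriteEngine On
    RewriteBase /test_ssl

    # Second pass: a per-directory rewrite is re-injected as an internal
    # redirect and this rule set runs again. Variables set with [E=...]
    # come back with a REDIRECT_ prefix, so a non-empty value means the
    # request was already mapped and must be left alone (no loop).
    RewriteCond %{ENV:REDIRECT_CERT_EMAIL} .
    RewriteRule ^ - [L]

    # First pass: capture only the unstructuredName value from the DN.
    # The character classes exclude "/" and ",", so the capture is always
    # a single path segment taken from the verified certificate.
    RewriteCond %{SSL:SSL_CLIENT_S_DN} ^unstructuredName=([A-Za-z0-9._+-]+@[A-Za-z0-9.-]+),
    RewriteRule ^(.*)$ %1/$1 [E=CERT_EMAIL:%1,L]

    # A certificate whose DN did not match the pattern gets no folder.
    RewriteRule ^ - [F]
</Directory>
```

Because the first pass always prefixes the requester's own address, a request from John for a path under tom@company.com is mapped below john@company.com rather than into Tom's folder.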