Commit 468d8148 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

fixup! apache-backend: discard incoming X-Forwarded-For without valid SSL Client Authentification.

parent ffd51275
......@@ -135,10 +135,11 @@ SSLProxyEngine On
# As backend is trusting Remote-User header unset it always
RequestHeader unset Remote-User
# Drop incoming X-Forwarded-For without valid client authentication
RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
{% if ca_cert_dir -%}
SSLVerifyClient optional
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
SSLCACertificatePath {{ ca_cert_dir }}
{% if crl_dir -%}
SSLCARevocationCheck chain
......
......@@ -14,5 +14,5 @@
# not need these here).
[template-apache-backend-conf]
filename = apache-backend.conf.in
md5sum = 68ce79573bb2b39625ee6ef57c2e7f14
md5sum = 5c6d6aacc092b23a02e1c6f4d51e8127
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment