Commit a1f502b0 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

apache-backend: discard incoming X-Forwarded-For without valid SSL Client Authentification.

parent 1c4d1452
......@@ -136,6 +136,7 @@ RequestHeader unset Remote-User
{% if parameter_dict['ca-cert'] -%}
SSLVerifyClient optional
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
RequestHeader unset X-Forwarded-For expr="%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
{% if parameter_dict['crl'] -%}
SSLCARevocationCheck chain
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment