SSL-Auth vhost上的Apache 2.4 403错误

时间:2014-11-26 22:26:35

标签: apache ssl centos http-status-code-403

我已经使用apache 2.2工作了很长时间,这是我第一次使用2.4。哪个让我头疼。

我的老板让我使用内部CA设置SSL Auth系统。 现在问题是,vhosts和auth机制似乎有效,但SSL Auth vhost中的所有URL都重新调整403错误。 现在我已经确定要添加一个“要求所有已授予的”'对vhost的指令,apache日志不会抛出任何权限错误。所以我在这里离开了我的联盟。

也许有人可以看到我失踪的部分:)?配置如下:(在CentOS 7上运行apache 2.4,禁用SELinux用于测试目的)

conf.d / vhost.conf 

    <Directory "/var/www/auth.internal.corp">
                Order allow,deny
                Allow from all
                Require all granted
        </Directory>


<VirtualHost *:443>
        DocumentRoot                    "/var/www/auth.internal.corp"
        ServerAdmin                     noc@internal.corp
        SSLCACertificateFile            /etc/pki/CA/cacert.pem
        SSLCertificateFile              ssl/auth.internal.corp.crt.pem
        SSLCertificateKeyFile           ssl/auth.internal.corp.key.pem
        SSLCARevocationCheck            chain
        SSLCARevocationFile             /etc/pki/CA/crl/crl.pem
        SSLEngine                       on
        SSLStrictSNIVHostCheck          on
        SSLVerifyClient                 require
        SSLVerifyDepth                  5
        ServerName                      auth.internal.corp
        RewriteEngine                   on
        RewriteCond                     %{REMOTE_ADDR} !^127\.0\.0\.1$
        RewriteCond                     ${HTTPS} !=on
        RewriteRule                     . - [F]
        ErrorLog                        logs/auth.error.log
        CustomLog                       logs/auth.access.log common

        <Directory "/var/www/auth.internal.corp/protected">
                Require                 ssl
                Require                 ssl-verify-client
                SSLRequireSSL
                SSLOptions              +FakeBasicAuth +StrictRequire
                SSLRequire              %{SSL_CIPHER_USEKEYSIZE} >= 256
                SSLRequire              %{SSL_CLIENT_S_DN_O} eq "Internal Corp CA" \
                                    and %{SSL_CLIENT_S_DN_OU} eq "Corporate Certification Authority" \
                                    and %{SSL_CLIENT_S_DN_CN} in {"John Doe", "Jane Doe"}
                SSLRenegBufferSize      131072
        </Directory>
</VirtualHost>

/conf/httpd.conf 

ServerRoot "/etc/httpd
Listen 80
Listen 443 https
Include conf.modules.d/*.conf
User apache
Group apache"
<Directory />
    AllowOverride none
    Require all denied
</Directory>

<Directory "/var/www">
    AllowOverride None
    Order allow,deny
    Allow from all
    # Allow open access:
    Require all granted
</Directory>

<Directory "/var/www/auth.internal.corp">
  Options Indexes FollowSymLinks
  AllowOverride None
  Require all granted
</Directory>

<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
IncludeOptional conf.d/*.conf

1 个答案:

答案 0 :(得分:0)

找到解决方案。 这是重写者的一个错字。

 RewriteCond                     ${HTTPS} !=on

应该是

RewriteCond                     %{HTTPS} !=on
相关问题
最新问题