3

这是 Apache 虚拟主机配置的一部分,匹配的传入请求被转发到 Apache Tomcat 服务器。所有客户端都必须为 App1 发送客户端证书以进行身份​​验证,但对于 App2,它应该是可选的。

SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +ExportCertData +StdEnvVars

ProxyRequests Off

ProxyPass /app1/services/App01 ajp://localhost:8307/app1/services/App01
ProxyPass /app1/services/App02 ajp://localhost:8307/app2/services/App02

<Location /app1/services/App01>
    ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>

<Location /app2/services/App02>
    ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>

那么是否有可能将 SSLVerifyClient 指令从 app2 切换为可选?

4

1 回答 1

3

在阅读了大量文档并尝试了不同的方法后,我找到了解决方案!

将所有代理指令放入 Location 上下文中,将这些主机或虚拟主机的SSLVerifyClient指令设置为可选,并将SSLVerifyClient 要求放入需要的位置指令中。

SSLVerifyClient optional
SSLVerifyDepth 2
SSLOptions +ExportCertData +StdEnvVars

ProxyRequests Off

<Location /app1/services/App01>
    SSLVerifyClient require
    ProxyPass ajp://localhost:8307/app1/services/App01
    ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>

<Location /app2/services/App02>
    ProxyPass ajp://localhost:8307/app2/services/App02
    ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>
于 2010-08-02T06:44:27.000 回答