这是 Apache 虚拟主机配置的一部分,匹配的传入请求被转发到 Apache Tomcat 服务器。所有客户端都必须发送客户端证书以对 App1 进行身份验证,但对于 App2 来说,它应该是可选的。
SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +ExportCertData +StdEnvVars
ProxyRequests Off
ProxyPass /app1/services/App01 ajp://localhost:8307/app1/services/App01
ProxyPass /app1/services/App02 ajp://localhost:8307/app2/services/App02
<Location /app1/services/App01>
ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>
<Location /app2/services/App02>
ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>
那么是否可以将 app2 的 SSLVerifyClient 指令从必需指令切换为可选指令?
最佳答案
在阅读了大量文档并尝试了不同的方法后,我找到了解决方案!
将所有代理指令放入位置上下文,将这些主机或虚拟主机的SSLVerifyClient指令设置为可选并将SSLVerifyClient require放入在需要的地方定位指令。
SSLVerifyClient optional
SSLVerifyDepth 2
SSLOptions +ExportCertData +StdEnvVars
ProxyRequests Off
<Location /app1/services/App01>
SSLVerifyClient require
ProxyPass ajp://localhost:8307/app1/services/App01
ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>
<Location /app2/services/App02>
ProxyPass ajp://localhost:8307/app2/services/App02
ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>
关于apache - 在 ReverseProxy 上下文中切换 SSLVerifyClient,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3369443/