# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex Boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#
#
#
#
#
#
#
and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
and %{TIME_WDAY} >= 1
and %{TIME_WDAY} <= 5 \
and %{TIME_HOUR} >= 8
and %{TIME_HOUR} <= 20 ) \
or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
#
#
#
#
#
#
o FakeBasicAuth:
Translate the client X.509 into a Basic Authorization. This
means that
the standard Auth/DBMAuth methods can be used for access
control. The
user name is the 'one line' version of the client's X.509
certificate.
Note that no password is obtained from the user. Every entry in
the user
file needs this password: 'xxj31ZMTZzkVA'.
#
#
#
#
#
#
o ExportCertData:
This exports two additional environment variables:
SSL_CLIENT_CERT and
SSL_SERVER_CERT. These contain the PEM-encoded certificates of
the
server (always existent) and the client (only existent when
client
authentication is used). This can be used to import the
certificates
into CGI scripts.
Installation/configuration
4.5 SIMATIC IoT2040
Manage MyMachines /Remote - installation in existing control environments
72 Application examples, 10/2018, A5E45211403B AB
To Next Page
Loading...
