On 2012-02-15 10:46 AM, Paul Hartman <firstname.lastname@example.org> wrote:
On Wed, Feb 15, 2012 at 8:46 AM, Tanstaafl<email@example.com> wrote:
I know that you can restrict access to a certain site using either Basic
HTTP Auth or Digest Auth, but I was wondering - can you do the same with an
SSL Client Certificate?
Yes, you can. The specifics of how depend on what web server you're using.
For Apache, there are some examples of different scenarios here:
I'd also like to provide for IP based exceptions if possible
Trivial in Apache using mod_authz_host which is made for that kind of
You can combine the two access methods (allow all if it's
coming from your company's internal IP, otherwise require
Perfect, thanks Paul (and yes this is with Apache)...
Glad to know I can do it, hopefully I can get it working without having
to sign up to yet another email list to ask for help...