[英]Apache 2.4 403 errors on SSL-Auth vhost
I've worked with apache 2.2 for ages, and this is the first time I'm using 2.4. 我使用Apache 2.2已有很长时间了,这是我第一次使用2.4。 Which is giving me an headache. 这让我头疼。
My boss asked me to set up an SSL Auth system, using our internal CA. 我的老板要求我使用内部CA来建立SSL验证系统。 Now the problem here is, the vhosts and auth mechanism seems to work, but all URLs within the SSL Auth vhost retun 403 errors. 现在的问题是,虚拟主机和身份验证机制似乎可以正常工作,但是SSL身份验证虚拟主机中的所有URL会重新调整403错误。 Now I've made sure to add an 'Require all granted' directive to the vhost, and the apache logs aren't throwing any permission errors. 现在,我确保向虚拟主机添加了“需要所有已授予”指令,并且apache日志不会引发任何权限错误。 So I'm out of my league here. 所以我不在这里。
Maybe someone can see the part I'm missing :)? 也许有人可以看到我缺少的部分:)? Configs below: (running apache 2.4 on CentOS 7, SELinux disabled for testing purposes) 以下配置:(出于测试目的,已禁用在CentOS 7上运行apache 2.4,SELinux)
conf.d/vhost.conf conf.d / vhost.conf
<Directory "/var/www/auth.internal.corp">
Order allow,deny
Allow from all
Require all granted
</Directory>
<VirtualHost *:443>
DocumentRoot "/var/www/auth.internal.corp"
ServerAdmin noc@internal.corp
SSLCACertificateFile /etc/pki/CA/cacert.pem
SSLCertificateFile ssl/auth.internal.corp.crt.pem
SSLCertificateKeyFile ssl/auth.internal.corp.key.pem
SSLCARevocationCheck chain
SSLCARevocationFile /etc/pki/CA/crl/crl.pem
SSLEngine on
SSLStrictSNIVHostCheck on
SSLVerifyClient require
SSLVerifyDepth 5
ServerName auth.internal.corp
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond ${HTTPS} !=on
RewriteRule . - [F]
ErrorLog logs/auth.error.log
CustomLog logs/auth.access.log common
<Directory "/var/www/auth.internal.corp/protected">
Require ssl
Require ssl-verify-client
SSLRequireSSL
SSLOptions +FakeBasicAuth +StrictRequire
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 256
SSLRequire %{SSL_CLIENT_S_DN_O} eq "Internal Corp CA" \
and %{SSL_CLIENT_S_DN_OU} eq "Corporate Certification Authority" \
and %{SSL_CLIENT_S_DN_CN} in {"John Doe", "Jane Doe"}
SSLRenegBufferSize 131072
</Directory>
</VirtualHost>
/conf/httpd.conf /conf/httpd.conf
ServerRoot "/etc/httpd
Listen 80
Listen 443 https
Include conf.modules.d/*.conf
User apache
Group apache"
<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory "/var/www">
AllowOverride None
Order allow,deny
Allow from all
# Allow open access:
Require all granted
</Directory>
<Directory "/var/www/auth.internal.corp">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
IncludeOptional conf.d/*.conf
Found the solution. 找到了解决方案。 It was an typo in the Rewrite rule. 这是“重写”规则中的错字。
RewriteCond ${HTTPS} !=on
should have been 本来应该
RewriteCond %{HTTPS} !=on
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.