You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bhuvaneswaran A <bh...@gmail.com> on 2009/08/28 06:11:32 UTC
[users@httpd] Using environment variable in condition
Hello,
Short question: How do I use a environment variable in <IfDefine>
condition in httpd.conf file? I like to use "SVN-ACTION" variable in
<IfDefine> condition in order to define specific configuration for SVN
requests. AFAIK, <IfDefine> can take parameters passed using -D
option. Can I leverage this directive to check for a environment
variable? Is there any other work around to define specific
configuration depending on environment variable?
Here's my server configuration: Apache/2.2.11 (Unix) mod_ssl/2.2.11
OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_choke/0.1 mod_auth_mda/2.0
mod_jk/1.2.16-dev mo
d_python/3.3.1 Python/2.4.4 SVN/1.6.0 mod_auth_svn/0.2
Long question: I've a typical need to use client certificates for all
UI requests, but not for SVN requests. I use "SSLVerifyClient
optional" at "<Location />" level and "SSLVerifyClient none" at
"<Location /svn>" level. But the problem is, I face "413 Request
entity too Large" if I upload large files, say 10MB. As mentioned in
bug 12355 [1] if i specify "SSLVerifyClient optional" at "<VirtualHost
*:443>" level, i do not face the problem, but then it prompts for
client certificate even for SVN requests. I want to avoid it.
I'm looking out for a way to specify "SSLVerifyClient none" at
"<VirtualHost *:443>" level only for SVN requests. By default, at
server level i will specify "SSLVerifyClient optional" that will be
effective for all user requests and I'll also do not face 413 error.
Looks like directive "SSLRenegBufferSize" is introduced in apache
v2.2.12 which may solve my problem, but I can't upgrade my server at
the moment for various other reasons.
Bottomline, i need to define "SSLVerifyClient none" for all SVN
requests either by checking for "SVN-ACTION" variable or by any other
means. Any help in this regard would be highly appreciated. Thank you.
[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=12355
--
Regards,
Bhuvaneswaran A
www.livecipher.com
GPG: 0x7A13E5B0
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Using environment variable in condition
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Bhuvaneswaran A wrote:
>
> Short question: How do I use a environment variable in <IfDefine>
> condition in httpd.conf file? I like to use "SVN-ACTION" variable in
> <IfDefine> condition in order to define specific configuration for SVN
> requests.
You don't; IfDefine's are evaluated at server startup, not per-request.
This is a classic problem not well addressed by the TLS v1.0 protocol.
You are best off using two different virtual hosts. SNI (server name
identification, al la named virtual hosts) are now supported by httpd
2.2.13 and openssl 0.9.8k if I understood correctly. It's up to the
client to also support it, of course. Hopefully, svn does already or
will soon.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org