You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by brenton leanhardt <br...@gmail.com> on 2010/04/13 19:57:25 UTC

[users@httpd] mod_cache bypassing mod_ssl SSLRequire rules

I have a reverse proxy setup with mod_ssl and mod_cache.  There are
SSLRequire rules that verify particular OIDs are present in a client
certificate.  What I'm noticing is that once the content is cached the
SSLRequire rules are no longer being checked.  From the debug logs I
can tell that the SSL handshake is indeed still happening.

Is this behavior expected?  Is this what the 2.2 caching docs mean
when they say mod_cache "drastically changes the security model of
Apache"?

Details:
64bit RHEL host running httpd-2.2.3-43.el5 (this is the latest version
that ships with RHEL 5.5)

--Brenton

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org