在ReverseProxy上下文中切换SSLVerifyClient

Question

这是Apache虚拟主机配置的一部分，将匹配的传入请求转发到Apache Tomcat服务器。所有客户端都必须发送客户端证书以进行App1身份验证，但对于App2，它应该是可选的。

SSLVerifyClient require 
SSLVerifyDepth 2 
SSLOptions +ExportCertData +StdEnvVars 

ProxyRequests Off 

ProxyPass /app1/services/App01 ajp://localhost:8307/app1/services/App01 
ProxyPass /app1/services/App02 ajp://localhost:8307/app2/services/App02 

<Location /app1/services/App01> 
    ProxyPassReverse ajp://localhost:8307/app2/services/App02 
</Location> 

<Location /app2/services/App02> 
    ProxyPassReverse ajp://localhost:8307/app2/services/App02 
</Location> 

那么是否有切换app2 SSLVerifyClient指令从必需到可选的可能性？

Answer 1

阅读了大量文档并尝试了不同的方法后，我找到了解决方案！

把所有代理的指令到位置情况下，SSLVerifyClient指令，这些主机或虚拟主机设置为可选，并把SSLVerifyClient需要到需要的地方的位置指令。

SSLVerifyClient optional 
SSLVerifyDepth 2 
SSLOptions +ExportCertData +StdEnvVars 

ProxyRequests Off 

<Location /app1/services/App01> 
    SSLVerifyClient require 
    ProxyPass ajp://localhost:8307/app1/services/App01 
    ProxyPassReverse ajp://localhost:8307/app2/services/App02 
</Location> 

<Location /app2/services/App02> 
    ProxyPass ajp://localhost:8307/app2/services/App02 
    ProxyPassReverse ajp://localhost:8307/app2/services/App02 
</Location>