source: trunk/server/fedora/config/etc/httpd/conf.d/scripts-special.conf @ 1800

Last change on this file since 1800 was 1483, checked in by geofft, 13 years ago
__scripts/needcerts: Add support for working around Safari Safari on Mac OS X (or more properly, CFNetwork and the rest of the SSL stack) doesn't properly support SSLVerifyClient Optional, which is our default for :444. In particular, if you don't have an identity preference set, only SSLVerifyClient Require will trigger the dialog to set an identity preference and present a certificate to the site: http://lists.apple.com/archives/apple-cdsa/2009/Apr/msg00041.html We can work around this by checking for the Safari user-agent in /__scripts/needcerts and renegotiating SSLVerifyclient Require. Forcing the Require behavior on Safari users that reach this page is reasonable because this page is only (supported to be) reached as an ErrorDocument 401; if you're intentionally using AuthOptional on to take advantage of the optional authentication, you'll never trigger the 401 error.
File size: 1.5 KB
Line 
1Alias /__scripts/heartbeat /afs/athena.mit.edu/contrib/scripts/web_scripts/heartbeat
2Alias /__scripts/django/media /usr/lib/python2.6/site-packages/django/contrib/admin/media
3Alias /__scripts /afs/athena.mit.edu/contrib/scripts/www
4
5<Directory /afs/athena.mit.edu/contrib/scripts/www>
6    <Files *>
7        SetHandler none
8    </Files>
9</Directory>
10
11<Directory /usr/lib/python2.6/site-packages/django/contrib/admin/media>
12    <Files *>
13        SetHandler none
14    </Files>
15</Directory>
16
17<Location /__scripts/needcerts>
18    RewriteEngine On
19
20    RewriteCond %{HTTP_HOST} !:444$
21    RewriteCond %{SERVER_NAME} ^(.*\.)?scripts$
22    RewriteCond %{THE_REQUEST} ^[^\ ]*\ (.*)\ .*
23    RewriteRule ^ https://%{SERVER_NAME}.mit.edu:444%1 [L,R]
24
25    RewriteCond %{HTTP_HOST} !:444$
26    RewriteCond %{SERVER_NAME} !=scripts-cert.mit.edu
27    RewriteCond %{SERVER_NAME} !=scripts-cert
28    RewriteCond %{THE_REQUEST} ^[^\ ]*\ (.*)\ .*
29    RewriteRule ^ https://%{SERVER_NAME}:444%1 [L,R]
30
31    RewriteCond %{HTTP_USER_AGENT} Mac\ OS\ X.*AppleWebKit
32    RewriteRule /afs/athena.mit.edu/contrib/scripts/www/needcerts(.*) /__scripts/safarihack$1 [L]
33
34    RewriteRule /afs/athena.mit.edu/contrib/scripts/www/needcerts(.+) $1 [L]
35    RewriteRule /afs/athena.mit.edu/contrib/scripts/www/needcerts /__scripts/unauthorized.html [L]
36</Location>
37
38<Location /__scripts/safarihack>
39    SSLVerifyClient require
40    RewriteRule /afs/athena.mit.edu/contrib/scripts/www/safarihack(.+) $1 [L]
41    RewriteRule /afs/athena.mit.edu/contrib/scripts/www/safarihack /__scripts/unauthorized.html [L]
42</Location>
Note: See TracBrowser for help on using the repository browser.