27 lines
861 B
Text
27 lines
861 B
Text
Tell us if you have a better installation or one that is proven to work.
|
|
Also please let us know if there is a better or more efficient way to do
|
|
what we're trying to do here. Technologies change over time, keep us up
|
|
to date ;)
|
|
|
|
Alias /repo/pkgs/ /repo/pkgs/
|
|
|
|
<Directory /repo/pkgs/>
|
|
SSLVerifyClient optional
|
|
SSLVerifyDepth 1
|
|
SSLOptions +StrictRequire +StdEnvVars +OptRenegotiate
|
|
# require that the access comes from internal or that
|
|
# the client auth cert was created by us and signed by us
|
|
SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
|
|
and %{SSL_CLIENT_S_DN_O} eq "Fedora Project" \
|
|
and %{SSL_CLIENT_I_DN_O} eq "Fedora Project" \
|
|
and %{SSL_CLIENT_I_DN_OU} eq "Upload Files" )
|
|
</Directory>
|
|
|
|
<Location "/repo/pkgs/upload.cgi">
|
|
SetHandler cgi-script
|
|
Options ExecCGI
|
|
Order Allow,Deny
|
|
Allow from all
|
|
SSLRequireSSL
|
|
</Location>
|
|
|