Re: [Pki-devel] restrictive proxy.conf for ipa
On 08/25/2011 12:03 PM, Ade Lee wrote:
ProxyRequests Off
# matches for ee port
<LocationMatch
"^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange">
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient none
ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
</LocationMatch>
# matches for admin port
<LocationMatch
"^/ca/admin/ca/getCertChain|^/ca/admin/ca/getConfigEntries|^/ca/admin/ca/getCookie|^/ca/admin/ca/getStatus|^/ca/admin/ca/securityDomainLogin">
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient none
ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
</LocationMatch>
# matches for agent port and eeca port
<LocationMatch
"^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient">
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient require
ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/
</LocationMatch>
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
missing ^/ca/admin/ca/getDomainXML
Change that last LocationMatch to:
<LocationMatch
"^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient|^/ca/admin/ca/getDomainXML">