Mobile app version of vmapp.org
Login or Join
Megan663

: Using mod_ssl to force client authentication using certs on Apache I run a personal cloud server. The only person that needs access is myself. I have been looking into ways to deny access to

@Megan663

Posted in: #Apache

I run a personal cloud server. The only person that needs access is myself. I have been looking into ways to deny access to even the cloud login screen to all but myself. If I am reading this correctly,
httpd.apache.org/docs/2.4/ssl/ssl_howto.html#allclients
That seems to indicate I could drop a client cert on each PC I want to have access to the web server without putting anything overt in the way (like another user/pass) and anyone else would be denied. Am I reading this correctly? (That is my specific question)

The point to this, even though the files are not sensitive, they are under block-level encryption and the actual cloud server has a user login itself. However I would like to deny access from the apache server so that someone doesn't even know what that points to just by going to the address (without really snooping), basically a 403 forbidden or 404 not found instead of the login screen. I can't use a deny all except because the laptop isn't always on the same network and another user/pass from apache I think would interfere with the syncing mechanism of the software. However, if cert authorization works the way I think I am reading it, it should provide the answer I'm looking for. Do I have this right or is there a better solution altogether that I don't see? (I am an amateur, just trying to learn). Any other suggestions are welcome too.

10% popularity Vote Up Vote Down


Login to follow query

More posts by @Megan663

0 Comments

Sorted by latest first Latest Oldest Best

Back to top | Use Dark Theme