Multiple auth flows in apache

It looks like if you specify multiple Require statements, it could require any one of them (depending on whether a check fails or is neutral). In my case, I can use the following:

Require ldap-filter objectclass=user
Require ssl-verify-client

This still performs the LDAP lookup, but given the SSL requirement passes, it will still allow the user through.

You can see mod_authz_core for how you can use RequireAny and RequireAll for more complex requirements, though these can’t be combined with LimitExcept. I assume you could use Require method OPTIONS instead but haven’t investigated further as the above meets my needs.

CLICK HERE to find out more related problems solutions.

Leave a Comment

Your email address will not be published.

Scroll to Top