Hi,
Could someone to help me to understand how to enable `ssl_verify_client` conditionally? Is it possible to do this? I need to enable client certificate verification only for requests from outside of our intranet and no need to do verification for request from, for example, 192.168.0.0/24.
I tried use geo module to define variable for internal subnet
geo $intranet {
default 0;
192.168.0.0/24 1;
}
if ($intranet != 1) {
ssl_verify_client on;
}
but it is impossible to use `ssl_verify_client` directive inside 'if' statement. I get an error:
"ssl_verify_client" directive is not allowed here
Is there other way to do this?
Thanks.
Could someone to help me to understand how to enable `ssl_verify_client` conditionally? Is it possible to do this? I need to enable client certificate verification only for requests from outside of our intranet and no need to do verification for request from, for example, 192.168.0.0/24.
I tried use geo module to define variable for internal subnet
geo $intranet {
default 0;
192.168.0.0/24 1;
}
if ($intranet != 1) {
ssl_verify_client on;
}
but it is impossible to use `ssl_verify_client` directive inside 'if' statement. I get an error:
"ssl_verify_client" directive is not allowed here
Is there other way to do this?
Thanks.