P.S. Never mind the port 4433 in the example, that's because of load balancer port NATting.
The vHost works fine with outbound port 443. This question is only about the if/else block in combination with SSLCipherSuite.

> Sent: Wednesday, 24 February 2021 at 14:12
> From: "Hildegard Meier" <[email protected]>
> To: [email protected]
> Subject: [users@httpd] Set SSLCipherSuite dependent on client IP
>
> Hello,
>
> having Ubuntu 14 server with Apache 2.4.7
>
> I configured to have SSLCipherSuite dependent on the client IP address.
>
> But the If/Else directive seems to be just silently ignored, only and always
> the global default SSLCipherSuite value is in effect.
>
> The SSLCipherSuite given in the If or Else block (which should be taken for
> every client that is not in the 1.2.3.0/26 network) is not taken.
>
> Why does this not work?
> Is there another way to achieve the goal?
>
>
> Here the vHost config:
>
> <VirtualHost *:4433>
>
>     ServerName ssl-test.example.com
>
>     DocumentRoot "/var/www/docs/empty"
>
>     SSLEngine on
>     SSLCertificateKeyFile "/etc/apache2/ssl/keys/test.key"
>     SSLCertificateFile "/etc/apache2/ssl/certs/test.crt"
>     SSLCertificateChainFile "/etc/apache2/ssl/certs/test.crt"
>
>     <If "-R '1.2.3.0/26'">
>         SSLCipherSuite -all:MD5
>     </If>
>     <Else>
>         SSLCipherSuite -all:SHA1
>     </Else>
>
>     CustomLog "/var/log/apache2/test/access.log" vhost_combined
>     ErrorLog "/var/log/apache2/test/error.443.log"
>
> </VirtualHost>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
