iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—523346-002
You can further restrict access by using the -auth option of the 
RequireSecureTransport command to require that client authentication occurs, as 
in this example:
Region /recipes/* {
 RequireSecureTransport -auth
}
In this example, only clients that have been authenticated using SSL or PCT are 
allowed access to objects in the /recipes/top-secret region on the server. (For a full 
description of the Region command, see Region on page A-39.)
You can also use CGI environment variables in Region commands; all security-related CGI variables are available there. For example, the following command allows access only to clients using keys 128 bits long:
Region /* {
 if {$HTTPS_KEYSIZE != 128} {Deny}
}
Following is another example, using the web client’s DN:
set goodusers {CN=User 1, OU=Persona Certificate,\ O="RSA Data Security, Inc.", C=US}
lappend goodusers {CN=User 2, OU=Persona Certificate,\ O="RSA Data Security, Inc.", C=US}
RegionSet goodusers $goodusers
Region /* {
 RequireSecureTransport -auth $goodusers
}
This command allows access only to clients who have presented a certificate whose DN is one of the DNs specified in goodusers.
Using SSL and PCT Environment Variables in CGI Programs
You can use SSL and PCT environment variables to access information about individual requests from within CGI programs. The method for accessing these variables depends on the programming language being used. See Section 8, Using Common Gateway Interface (CGI) Programs, for a list of the SSL and PCT environment variables and for information about how to use them programmatically.
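The following C CGI program is an added example, not code from this guide: it reads HTTPS_KEYSIZE (the only variable named on this page) with getenv() and refuses the request unless the value is exactly 128, mirroring the Region example above. It assumes the variable is absent or non-numeric when the request did not arrive over SSL or PCT, and that the server honors the standard CGI Status header; the function names are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

enum { REQUIRED_KEYSIZE = 128 };  /* same policy as the Region example */

/* Strictly parse a key size in bits. Returns -1 when the value is missing,
 * empty, not purely decimal digits, out of range, or not positive, so the
 * caller fails closed on anything unexpected. */
long parse_keysize(const char *value)
{
    char *end;
    long bits;

    if (value == NULL || !isdigit((unsigned char)value[0]))
        return -1;
    errno = 0;
    bits = strtol(value, &end, 10);
    if (errno != 0 || *end != '\0' || bits <= 0)
        return -1;
    return bits;
}

/* 1 if the request's key size matches the policy, 0 otherwise. */
int keysize_allowed(const char *value)
{
    return parse_keysize(value) == REQUIRED_KEYSIZE;
}

int main(void)
{
    /* Assumption: unset or non-numeric for requests without SSL/PCT. */
    const char *keysize = getenv("HTTPS_KEYSIZE");

    if (!keysize_allowed(keysize)) {
        printf("Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n");
        printf("A secure connection with a 128-bit key is required.\n");
        return 0;
    }
    printf("Content-Type: text/plain\r\n\r\n");
    printf("Key size: %ld bits\n", parse_keysize(keysize));
    return 0;
}
```

Because the comparison is an exact match, as in the Region example, a client that negotiates a key size other than 128 bits is also refused.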










