Is is possible to make the SSL client certificate request conditional depending on the IP range of the user with nginx?
ssl_verify_client optional
always sends the request, but does not fail when no client certificate is provided. I want to make the request itself conditional.
The problem: I don't want the users within the intranet to be bothered by the browser asking for certificates, but only if they access the page from outside.
This fails:
if ($intranet != 1) {
ssl_verify_client on;
}
Error:
"ssl_verify_client" directive is not allowed here
ssl_verify_client
in second one.listen 192.168.0.1;
(internal IP) and second withlisten 1.2.3.4;
(external IP).