
Alias           /phpki        /opt/phpki/html/

# Main access allowed for valid user
<Directory /opt/phpki/html>
        AddType application/x-httpd-php .php
	Options FollowSymLinks
        php_flag register_globals off
        php_flag register_long_arrays on
        php_admin_value session.save_path /var/lib/php/pki-session
        php_admin_value openbase_dir /opt/phpki:/var/lib/php/pki-session
        AddType application/x-x509-ca-cert .crt  .pem
        AddType application/pkix-crl    .crl
        AddType application/pkix-cert   .cer .der
        AllowOverride None
        order deny,allow
        deny from all
        allow from 127.0.0.1
</Directory>

# /ca is only allowed for admin and explicitely authorized users
<Location /phpki/ca>
	AuthName "PHPKI Admin"
        AuthType Basic
        TKTAuthLoginURL /server-common/cgi-bin/login
        require user admin {getUsersList("phpki");}
        SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
        Satisfy all
</Location>

# Disable access to /admin, which is used to configure user/password 
# via an htaccess file
<Directory /opt/phpki/html/admin>
	order deny,allow
	deny from all
</Directory>

