[via-proxy] / ssl.conf

        SSLEngine on
        SSLCertificateFile      /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/cert.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/chain.pem

<Location />

        Order deny,allow
        # allow local subnets
        Allow from 193.198.212 193.198.213 193.198.214 193.198.215 
        deny from all
        # file is htpasswd as first try and ldap as second
        AuthBasicProvider file ldap
        AuthType basic
        AuthUserFile /data/proxy/.htpasswd
        AuthName "[ UPUTA: za pristup se koristi AAI korisnicki racun dobiven na FFZG. ]"

        AuthLDAPURL "ldaps://ldap.ffzg.hr/dc=ffzg,dc=hr?hrEduPersonUniqueID?"

        Require valid-user 
        satisfy any


        # ProxyAddHeaders needs to be inside location to make them work!
        ProxyAddHeaders off

</Location>

# don't pass through authorization header!
RequestHeader unset Authorization

# http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#request-bodies
#SetEnv proxy-sendcl 1
#SetEnv proxy-sendchunked 1