SSLCertificateFile /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/chain.pem
+
+<Location />
+
+ Order deny,allow
+ # allow local subnets
+ Allow from 193.198.212 193.198.213 193.198.214 193.198.215
+ deny from all
+ # file is htpasswd as first try and ldap as second
+ AuthBasicProvider file ldap
+ AuthType basic
+ AuthUserFile /data/proxy/.htpasswd
+ AuthName "[ UPUTA: za pristup se koristi AAI korisnicki racun dobiven na FFZG. ]"
+
+ AuthLDAPURL "ldaps://ldap.ffzg.hr/dc=ffzg,dc=hr?hrEduPersonUniqueID?"
+
+ Require valid-user
+ satisfy any
+
+</Location>
+
+# don't pass through authorization header!
+RequestHeader unset Authorization