{
    # vim: ft=perl:


    $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';

    $OUT = '';
    if ((${'httpd-pki'}{'status'} || 'disabled') eq 'enabled'){

        if (($port eq "80") && ($haveSSL eq 'yes')){
            $OUT .= "    RewriteRule ^/phpki(/.*|\$)    https://%{HTTP_HOST}/phpki\$1 [L,R]\n";
        }
        else{
            $OUT .= "    ProxyPass /phpki http://127.0.0.1:${'httpd-pki'}{TCPPort}/phpki\n";
            $OUT .= "    ProxyPassReverse /phpki http://127.0.0.1:${'httpd-pki'}{TCPPort}/phpki\n";
        }

        $OUT .=<<"HERE";

	#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
	#LoadModule proxy_connect_module modules/mod_proxy_connect.so
	#LoadModule proxy_express_module modules/mod_proxy_express.so
	#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
	#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
	#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
	#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

    <Location /phpki>
        SSLRequireSSL on
        Require ip $localAccess $externalSSLAccess
    </Location>
    # we want Public access to  ns_revoke_query.php
    <Location /phpki/ns_revoke_query.php>
        Require all granted
    </Location>
    # we want Public access to  policy
    <Location /phpki/policy.html>
        Require all granted
    </Location>
    # we want Public access to help 
    <Location /phpki/help>
        Require all granted
    </Location>
    <Location /phpki/help.php>
        Require all granted
    </Location>
    # we want Public access to crl list
    <Location /phpki/dl_crl.php>
        Require all granted
    </Location>
    <Location /phpki/dl_crl_pem.php>
        Require all granted
    </Location>
    # and we redirect old config to our new safer script
    RewriteEngine On
    RewriteCond %{QUERY_STRING} stage=dl_crl(&|\$)
    RewriteRule ^ /phpki/dl_crl.php [QSD,R=302,L]
    RewriteCond %{QUERY_STRING} stage=dl_crl_pem(&|\$)
    RewriteRule ^ /phpki/dl_crl_pem.php [QSD,R=302,L]

HERE
   # safely redirect crl request to php script striping all GET requests 
   # but would leave POST
   #RewriteEngine On
   #RewriteCond %{REQUEST_URI} ^/?phpki/dl_crl/?\$
   #RewriteRule ^ /phpki/index.php?stage=dl_crl [P,NC]

    }
}
