{
    # vim: ft=perl:

    $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';

    $OUT = '';
    if ((${'httpd-pki'}{'status'} || 'disabled') eq 'enabled'){

        if (($port eq "80") && ($haveSSL eq 'yes')){
            $OUT .= "    RewriteRule ^/phpki(/.*|\$)    https://%{HTTP_HOST}/phpki\$1 [L,R]\n";
        }
        else{
            $OUT .= "    ProxyPass /phpki http://127.0.0.1:${'httpd-pki'}{TCPPort}/phpki\n";
            $OUT .= "    ProxyPassReverse /phpki http://127.0.0.1:${'httpd-pki'}{TCPPort}/phpki\n";
        }

        $OUT .=<<"HERE";

    <Location /phpki>
        SSLRequireSSL on
        order deny,allow
        deny from all
        allow from $localAccess $externalSSLAccess
    </Location>

HERE
    }
}
