RewriteEngine On

# An exception has to be made for CSS files:
RewriteRule ^(styles/default/.*.css)$  $1  [L]

RewriteRule ^index$                             index.html          [QSA,L]
RewriteRule ^index.html$                        index.html          [QSA,L]
RewriteRule ^([^\/]+)$                          cgi-bin/tables.pl   [QSA,L]
RewriteRule ^([^\/]+)/([^\/\.]+)$               cgi-bin/db.pl       [QSA,L]
RewriteRule ^([^\/]+)/([^\/\.]+)/([^\/]+)$      cgi-bin/modify.pl   [QSA,L]
RewriteRule ^([^\/]+)/([^\/\.]+)/([^\/]+)/([^\/]+)$ cgi-bin/image.pl    [QSA,L]
# Levels 1 through 4 are redirected to the: tables.pl, db.pl, modify.pl,
# image.pl (accordingly). So: 'starting_level' signifies the maximum level (i.e.
# 4); 'suffix' - the part of the URL that goes after the 'starting_level'.
RewriteRule ^([^\/]+)/([^\/\.]+)/([^\/]+)/([^\/]+)/(.*)$ cgi-bin/notfound.pl?suffix=$5&starting_level=4  [L]

RewriteRule cgi$                        cgi-bin/cgi.pl

# Allow uploads of large files via SSL. See
# https://bz.apache.org/bugzilla/show_bug.cgi?id=39243 and
# http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrenegbuffersize
# for details:

SSLRenegBufferSize 13107200

SSLRequireSSL

SSLVerifyClient optional
SSLVerifyDepth 3
#SSLOptions +FakeBasicAuth +StrictRequire 

<If "%{SSL:SSL_CLIENT_VERIFY} == 'SUCCESS'" >
    #ErrorDocument 404 "%{SSL_CLIENT_SAN_OTHER_msUPN_3}"
    #RewriteRule ^ - [L,R=404]
    #AuthBasicFake "%{SSL_CLIENT_S_DN}"
    SSLUserName SSL_CLIENT_S_DN_CN
    Require ssl-verify-client 
</If>
<ElseIf "%{SSL:SSL_CLIENT_VERIFY} != 'SUCCESS' && %{REQUEST_METHOD} == 'GET'" >
    Satisfy any
</ElseIf>
<Else>
    AuthType basic
    AuthName "Editing a database requires authentication"
    AuthBasicProvider file
    AuthUserFile "/etc/restfuldb/htpasswd"
    SSLOptions +FakeBasicAuth

    Require valid-user
</Else>
