SSLVerifyClient and apache Alias
on 18.06.2004 16:03:24 by Tom Duijf

Hello,

We're setting up a site with client authentication and are using Apache
1.3 and mod_ssl for that.

We are using the Apache Alias command to make all requests to a certain
URL pass through a PHP script.
The web dir where the script is located is protected by SSLVerifyClient
require.

When I address a directory beyond the alias definition (which then is
passed through the PHP script), the client will get an SSL certificate
selection box.
When I authenticate with a correct SSL client cert, all is well,
everything works as it should work.
When I authenticate with a wrong SSL client cert, I *should* get a
forbidden, page not found or something alike.

The problem is the following:
In this last example, I DO get the page in front of me, but only the
first time; on a refresh/reload of the page I get a forbidden.
It seems that only the initial request with a wrong certificate is
allowed to the Apache Alias, after that everything is denied.

Here is a small piece of my configuration.

Alias /protected/dynamic /website/docroot/protected/dynamic/index.php
<Directory /website/docroot/protected>
    SSLVerifyClient require
    SSLVerifyDepth 2
</Directory>

Without the alias definition, everything does work as it should. The
alias definition is causing the problem (but we kind of need it).
Am I doing something wrong? Does the Alias definition need special
treatment within the SSL config?

Regards,
Tom Duijf
Cee-Kay
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org