On a kind of "intranet" website, which is secured with username/password combinations and HTTPS I've implemented the next feature:
- Authorized users can read everything on the website
- Files with in their filename "classified" requires a valid SSL-Client certificate...
Here is the output of my apache config:<Directory /usr/sites/ssl-site/intranet/htdocs>
Options Indexes MultiViews
Allow from all
I still have to sort out some issues, like directories having a directory with the name "classified" in them.