{
    # vim: ft=perl:
		use esmith::AccountsDB;

		sub getUsersList ($){
						my ($panelName) = @_;
						my $a = esmith::AccountsDB->open_ro || die "Error opening accounts db";
						my @users = $a->users();
						my @groups = $a->groups();
						my @Users = ();
						foreach my $user (@users){
										my $panels = $user->prop('AdminPanels') || '';
										push(@Users,$user->key) if ($panels =~ /^(.*,)?$panelName(,.*)?$/);
						}
						foreach my $group (@groups){
										$panels = $group->prop('AdminPanels') || '';
														if ($panels =~ /^(.*,)?$panelName(,.*)?$/){
														my @members = split(/,/,($group->prop('Members') || ''));
														push(@Users,@members);
										}
						}

						my %seen = ();
						my $u = join (' ', grep { ! $seen{ $_ }++ } @Users);
						return $u;
		}

    $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';

    $OUT = '';
    if ((${'httpd-isoqlog'}{'status'} || 'disabled') eq 'enabled'){

        if (($port eq "80") && ($haveSSL eq 'yes')){
            $OUT .= "    RewriteRule ^/isoqlog(/.*|\$)    https://%{HTTP_HOST}/isoqlog\$1 [L,R]\n";
        }
        else{
            $OUT .= '    RewriteRule ^/isoqlog$ https://%{HTTP_HOST}/isoqlog/ [R=301,L]'."\n";
        }

        my $userlist = getUsersList("isoqlog") ||"";
        my $ManagerTimeout = ${'httpd-admin'}{ManagerTimeout} || "30m";
        my $Cookie = ${'httpd-admin'}{Cookie} || "disabled";
        $Cookie = ("$Cookie" eq "enabled") ? "TKTAuthCookieExpires $ManagerTimeout"   : "#TKTAuthCookieExpires disabled";
        my $ManagerTimeoutReset = ${'httpd-admin'}{ManagerTimeoutReset} || "0.66";
        $OUT .=<<"HERE";

    <Location /isoqlog>
        AuthName "Isoqlog Admin"
        AuthType Basic
        TKTAuthLoginURL /server-common/cgi-bin/login
        TKTAuthIgnoreIP on
        TKTAuthTimeout $ManagerTimeout
        $Cookie 
        TKTAuthTimeoutRefresh $ManagerTimeoutReset
        <RequireAll>
          SSLRequireSSL on
          Require user admin $userlist
          Require ip $localAccess $externalSSLAccess
        </RequireAll>
    </Location>

HERE
    }
}
