[ILUG] Apache ReverseProxy and security...
Gareth Eason
bigbro at skynet.ie
Wed Feb 21 17:16:03 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm having some trouble trying to get Apache to use ReverseProxy but
also acknowledge and use the Allow from and Deny from clauses for a web
server. My setup is the following:
------> [app-server1]
[WWW server] <-----|
------> [app-server2] etc.
I want people to hit the webserver with URL like
https://www.example.com/someapp/ and the webserver knows that someapp
is currently hosted on app-server1, so reverse proxies there and all is
good with the world. This works well with:
<Directory "/someapp">
ProxyPass http://app1.example.com:18001/
ProxyPassReverse http://app1.example.com:18001/
</Directory>
However, if I add access credentials, such as:
<Directory "/someapp">
ProxyPass http://app1.example.com:18001/
ProxyPassReverse http://app1.example.com:18001/
Order Allow,Deny
Allow from 1.2.3.4
Deny from all
</Directory>
I still am able to access the reverse proxied hosts from anywhere on the
internet, not just 1.2.3.4.
Does Apache support the type of checking I'm doing here? And if so, how?
Pointers in the right direction would be greatly appreciated.
Best regards,
-->Gar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFF3H5TK36C50PvIR8RAjGmAJ9gtrmSbPH6rq8mi4ZIbDCZzrKBMQCdEQem
lI+oSUXTBCkQbz49kwyz+L8=
=tP9J
-----END PGP SIGNATURE-----
More information about the ILUG
mailing list