Unable to configure apache to restrict access by IP for proxy
Solution 1
I found the answer in: mod_proxy - Apache HTTP Server, and I tested it (It works!(TM)):
<Proxy *>
Order deny,allow
Deny from all
Allow from 10.52.208.221
Allow from 10.52.208.223
</Proxy>
Solution 2
I believe what you're looking for is:
<Directory proxy:>
Order deny,allow
Deny from all
Allow from 10.52.208.221
Allow from 10.52.208.223
</Directory>
The order of Order matters :-)
Solution 3
The following config might come in handy if you want to restrict certain paths of your proxied website.
I have included an IP and a subnet in one rule, for those who need to allow a whole subnet rather than a set of single IPs.
<Location /foo>
# This rule is the most IMPORTANT
Deny from all
# The second value implies the 10.100.0.0/16 subnet
Allow from 192.168.1.2 10.100
ProxyPass http://example.com/foo
ProxyPassReverse http://example.com/foo
</Location>
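Added example (not from the original answers or from Apache): a small Python model of how mod_authz_host in Apache 2.2 combines Order, Allow and Deny once a section applies to a request, including the partial-address form used in Solution 3. The function names and the sample client addresses are assumptions made for the illustration, and only IPv4 host specs are modelled.

```python
import ipaddress

def to_network(spec):
    """Convert an Allow/Deny host spec (IPv4 forms only) to an ip_network."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:  # CIDR or network/netmask form
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    # Partial address: "10.100" is padded to 10.100.0.0 with a /16 prefix.
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def is_allowed(client_ip, order, allow=(), deny=()):
    """Apply Apache 2.2 Order/Allow/Deny semantics to one client address."""
    ip = ipaddress.ip_address(client_ip)
    allowed = any(ip in to_network(s) for s in allow)
    denied = any(ip in to_network(s) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Default is allow; an Allow match overrides a Deny match.
        return allowed or not denied
    if order == "allow,deny":
        # Default is deny; a Deny match overrides an Allow match.
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order}")

# Allow/Deny lists from the page; the client addresses are constructed samples.
ALLOW = ["10.52.208.221", "10.52.208.223"]
DENY = ["all"]
CLIENTS = ["10.52.208.221", "10.52.208.222", "203.0.113.7"]

def decision_table():
    """Return {(order, client): bool} for both Order values."""
    return {(o, c): is_allowed(c, o, ALLOW, DENY)
            for o in ("deny,allow", "allow,deny") for c in CLIENTS}

if __name__ == "__main__":
    for (order, client), ok in decision_table().items():
        print(f"Order {order:<10} {client:<15} {'allow' if ok else 'deny'}")
    # Solution 3's list: a single host plus the partial address 10.100
    for client in ("10.100.7.9", "10.101.0.1"):
        ok = is_allowed(client, "deny,allow", ["192.168.1.2", "10.100"], ["all"])
        print(f"Location /foo         {client:<15} {'allow' if ok else 'deny'}")
```

The model covers only the evaluation inside a section that matches the request; whether a given container applies to proxied requests at all is a separate question.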
Author by
alexus
Updated on September 18, 2022
Comments
-
alexus over 1 year
I added the following into my httpd.conf (after VirtualHost):
<VirtualHost *:80>
    ServerName XXX.XXX.XXX
    <Directory proxy:>
        Order allow,deny
        Allow from 10.52.208.221
        Allow from 10.52.208.223
        Deny from all
    </Directory>
    ProxyPass / http://XXX.XXX.XXX/
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/admin/$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
yet, I'm able to access my VirtualHost from other IPs:
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.4 (Santiago)
# uname -a
Linux XXXXX.XXXXX.XXX 2.6.32-358.18.1.el6.x86_64 #1 SMP Fri Aug 2 17:04:38 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux
# httpd -V
Server version: Apache/2.2.15 (Unix)
Server built: Aug 2 2013 08:02:15
Server's Module Magic Number: 20051115:25
Server loaded: APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
# rpm -q httpd
httpd-2.2.15-29.el6_4.x86_64
#
-
alexus over 10 years
Really? I thought "Order" takes care of that (not lines)...
-
alexus over 10 years
I upvote as some of that answer is right, yet it still didn't solve my issue, so I posted "right answer"), thanks!
-
Admin almost 2 years
And if you have an entry for port :80 and another for port :443, make sure to change both (duh!).