Link to home
Start Free TrialLog in
Avatar of JAaron Anderson
JAaron AndersonFlag for United States of America

asked on

How to setup Tomcat/Apache to restrict ip range access to a target directory

I have a .war file which consists of two individual URL automatic re-write addresses
a) /admin
b) /customer

each of these mappings resolve to two separate java servlet beans

In my httpd.conf I have port 443 only set NO port 80
My Goal ::.
***********************************************************
How can I restrict the auto re-write URL a) /admin to ONLY be accessible
by a whitelist ip cluster ***.***.***.*** and not impact URL b) /customers
accessibility from the public Internet Cloud from all :443 client requests ?
***********************************************************
Can I add a distinct Virtual Host instruction block with specific restriction clause
 configurations for /admin directory whitelisting the targeted IP octet cluster?

thanks in advance
I posted before but said it was an answer when it only sort of worked but did not fully solve the administration I intended.

adding did not seem to be enough :

<Location  /admin/>
  Order Deny,Allow
  Deny from all
  Allow from xxx.yyy.zzz
...
</Location>

#Listen 127.0.0.1:80 #fake ip for code example
#Listen 80
<VirtualHost 127.0.0.1:443> #fake ip for code example
        DocumentRoot /var/www/html
        ServerName ******.******.***
        ServerAdmin admin@******.***
        ErrorLog /***/*****/****/ssl_error_log
        TransferLog /***/****/*****/ssl_access_log
        SSLEngine On
        SSLCertificateFile /***/*****/******/****.crt
        SSLCertificateKeyFile ***/*****/******/****.key
</VirtualHost>
 
 
Open in New WindowSelect All

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Michael Worsham
Michael Worsham
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of JAaron Anderson

ASKER

no preface for using the embedded code but it was straight forward enough to implement WOW way to go !