[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 211
  • Last Modified:

filter access to data on Apache

Is it possible to filter access to directories in Apache via ProxyPass or proxyPassReverse in mod proxy.

For example I have a server with two interfaces.  10.1.1.1 and lets say 1.1.1.1.
Anyone coming to the server from 1.1.1.1 I dont want to give access to the admin interface and anyone coming from 10.1.1.1 I do want to give access to the server.

Lets say the directories are test and test/admin

0
enigma1234567890
Asked:
enigma1234567890
  • 3
  • 2
  • 2
  • +1
1 Solution
 
farzanjCommented:
You can achieve this simply by iptables


iptables -A INPUT -d 1.1.1.1 --dport 80 -j DROP

iptables -A INPUT -d 10.1.1.1 --dport 80 -j ACCEPT

Open in new window

0
 
enigma1234567890Author Commented:
sorry not using IP tables.  I was asked to do it a specisif way and want to know if its possible or not
0
 
m_walkerCommented:
Some more info.

Lets see if I have this right.
You have an apache server with 2 nics
Nic1 has IP 10.1.1.1.
Nic2 Has IP 1.1.1.1

If a user hits IP Address 10.1.1.1 then allow access to test AND test/admin
If a user hits IP Address 1.1.1.1 then only allow access to test and OT test/admin

You can do directory level access when you know the IP of the host
eg:
Allow from 192.168.1.104 192.168.1.205

can you have it so a know list of IP Addresses can get access to the test/admin and everyone else is denied.

eg: (this may not be 100% but you get the idea)
<Directory /path to web folder/test>
     Order Deny,Allow
     Allow from all
 </Directory>
<Directory /path to web folder/test/admin>
     Order Deny,Allow
     Allow from <ip 1> <ip 2>
 </Directory>



0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
enigma1234567890Author Commented:
Yea please not the question is can it be achieved vi mod proxy not any other method and if so how.  The explination above is fine
0
 
PowerToasterCommented:
I think m_walker had the correct answer to your question.

You configure your proxy just like a normal apache directory as he stated. The specific example used on the mod_proxy website is.

<Proxy *>
Order Deny,Allow
Deny from all
Allow from 192.168.0
</Proxy>

If you would post your proxy configuration directives it would be simple to give you exact changes required to achieve this result.
0
 
farzanjCommented:
You may want to try something like this
RewriteCond %{REMOTE_ADDR} !^1\.1\.1\.1$

Open in new window

0
 
m_walkerCommented:
farzani:  I think the filter needs to be on the apache server IP that the user hits,not the users source IP.  

eg: On my my computer I have IP Address of 10.1.1.10 Then I could http://10.1.1.1 and since I hit the server IP 10.1.1.1 then I can Access the admin folder.  But if I go to http://1.1.1.1 then I cant get access to the admin folder.  So the rule needs to use the apache serveres local IP.

I am assuming there are other things in place that will manage who can route to each interface, so the 10.1.1.x/24 could be the admin network.

That said I'm sure you will know how do to it :)
 
0
 
enigma1234567890Author Commented:
yes it is possible via mod proxy as a reverse proxy to itself.  Set it up last week
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now