Solved

filter access to data on Apache

Posted on 2011-03-23
8
206 Views
Last Modified: 2012-05-11
Is it possible to filter access to directories in Apache via ProxyPass or proxyPassReverse in mod proxy.

For example I have a server with two interfaces.  10.1.1.1 and lets say 1.1.1.1.
Anyone coming to the server from 1.1.1.1 I dont want to give access to the admin interface and anyone coming from 10.1.1.1 I do want to give access to the server.

Lets say the directories are test and test/admin

0
Comment
Question by:enigma1234567890
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 35198035
You can achieve this simply by iptables


iptables -A INPUT -d 1.1.1.1 --dport 80 -j DROP

iptables -A INPUT -d 10.1.1.1 --dport 80 -j ACCEPT

Open in new window

0
 

Author Comment

by:enigma1234567890
ID: 35198096
sorry not using IP tables.  I was asked to do it a specisif way and want to know if its possible or not
0
 
LVL 4

Expert Comment

by:m_walker
ID: 35198208
Some more info.

Lets see if I have this right.
You have an apache server with 2 nics
Nic1 has IP 10.1.1.1.
Nic2 Has IP 1.1.1.1

If a user hits IP Address 10.1.1.1 then allow access to test AND test/admin
If a user hits IP Address 1.1.1.1 then only allow access to test and OT test/admin

You can do directory level access when you know the IP of the host
eg:
Allow from 192.168.1.104 192.168.1.205

can you have it so a know list of IP Addresses can get access to the test/admin and everyone else is denied.

eg: (this may not be 100% but you get the idea)
<Directory /path to web folder/test>
     Order Deny,Allow
     Allow from all
 </Directory>
<Directory /path to web folder/test/admin>
     Order Deny,Allow
     Allow from <ip 1> <ip 2>
 </Directory>



0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:enigma1234567890
ID: 35198916
Yea please not the question is can it be achieved vi mod proxy not any other method and if so how.  The explination above is fine
0
 
LVL 2

Expert Comment

by:PowerToaster
ID: 35215478
I think m_walker had the correct answer to your question.

You configure your proxy just like a normal apache directory as he stated. The specific example used on the mod_proxy website is.

<Proxy *>
Order Deny,Allow
Deny from all
Allow from 192.168.0
</Proxy>

If you would post your proxy configuration directives it would be simple to give you exact changes required to achieve this result.
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35220648
You may want to try something like this
RewriteCond %{REMOTE_ADDR} !^1\.1\.1\.1$

Open in new window

0
 
LVL 4

Accepted Solution

by:
m_walker earned 500 total points
ID: 35220753
farzani:  I think the filter needs to be on the apache server IP that the user hits,not the users source IP.  

eg: On my my computer I have IP Address of 10.1.1.10 Then I could http://10.1.1.1 and since I hit the server IP 10.1.1.1 then I can Access the admin folder.  But if I go to http://1.1.1.1 then I cant get access to the admin folder.  So the rule needs to use the apache serveres local IP.

I am assuming there are other things in place that will manage who can route to each interface, so the 10.1.1.x/24 could be the admin network.

That said I'm sure you will know how do to it :)
 
0
 

Author Comment

by:enigma1234567890
ID: 35231992
yes it is possible via mod proxy as a reverse proxy to itself.  Set it up last week
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question