Solved

filter access to data on Apache

Posted on 2011-03-23
Last Modified: 2012-05-11
Is it possible to filter access to directories in Apache via ProxyPass or ProxyPassReverse in mod_proxy?

For example, I have a server with two interfaces: 10.1.1.1 and, let's say, 1.1.1.1.
Anyone coming to the server from 1.1.1.1 I don't want to give access to the admin interface, and anyone coming from 10.1.1.1 I do want to give access to the server.

Let's say the directories are test and test/admin.

Question by:enigma1234567890
8 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 35198035
You can achieve this simply with iptables:


iptables -A INPUT -p tcp -d 1.1.1.1 --dport 80 -j DROP

iptables -A INPUT -p tcp -d 10.1.1.1 --dport 80 -j ACCEPT

 

Author Comment

by:enigma1234567890
ID: 35198096
Sorry, not using iptables. I was asked to do it a specific way and want to know if it's possible or not.
 
LVL 4

Expert Comment

by:m_walker
ID: 35198208
Some more info.

Let's see if I have this right.
You have an Apache server with 2 NICs.
NIC1 has IP 10.1.1.1.
NIC2 has IP 1.1.1.1.

If a user hits IP address 10.1.1.1, then allow access to test AND test/admin.
If a user hits IP address 1.1.1.1, then only allow access to test and NOT test/admin.

You can do directory-level access when you know the IP of the host,
e.g.:
Allow from 192.168.1.104 192.168.1.205

Can you have it so a known list of IP addresses can get access to test/admin and everyone else is denied?

eg: (this may not be 100% but you get the idea)
<Directory "/path to web folder/test">
     Order Deny,Allow
     Allow from all
</Directory>
<Directory "/path to web folder/test/admin">
     # Deny by default; only the listed addresses get in
     Order Deny,Allow
     Deny from all
     Allow from <ip 1> <ip 2>
</Directory>




 

Author Comment

by:enigma1234567890
ID: 35198916
Yeah, please note the question is: can it be achieved via mod_proxy, not any other method, and if so, how? The explanation above is fine.
 
LVL 2

Expert Comment

by:PowerToaster
ID: 35215478
I think m_walker had the correct answer to your question.

You configure your proxy just like a normal Apache directory, as he stated. The specific example used on the mod_proxy website is:

<Proxy *>
Order Deny,Allow
Deny from all
Allow from 192.168.0
</Proxy>

If you would post your proxy configuration directives it would be simple to give you exact changes required to achieve this result.
 
LVL 31

Expert Comment

by:farzanj
ID: 35220648
You may want to try something like this
RewriteCond %{REMOTE_ADDR} !^1\.1\.1\.1$

 
LVL 4

Accepted Solution

by:
m_walker earned 500 total points
ID: 35220753
farzanj: I think the filter needs to be on the Apache server IP that the user hits, not the user's source IP.

E.g.: on my computer I have an IP address of 10.1.1.10. Then I could go to http://10.1.1.1, and since I hit the server IP 10.1.1.1, I can access the admin folder. But if I go to http://1.1.1.1, then I can't get access to the admin folder. So the rule needs to use the Apache server's local IP.

I am assuming there are other things in place that will manage who can route to each interface, so the 10.1.1.x/24 could be the admin network.

That said, I'm sure you will know how to do it :)
 
 

Author Comment

by:enigma1234567890
ID: 35231992
Yes, it is possible via mod_proxy as a reverse proxy to itself. Set it up last week.

Question has a verified solution.
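
One way to build what the thread converges on (filtering on the server address the client connects to, with mod_proxy acting as a reverse proxy to the same host), as an added example that is not the original poster's configuration. The loopback backend on 127.0.0.1:8080 and the DocumentRoot path are assumptions; the access directives use the Apache 2.2 syntax seen in the thread.

```apache
# Requires mod_proxy and mod_proxy_http to be loaded.
# Bind each interface explicitly, plus a loopback-only backend (assumed port).
Listen 10.1.1.1:80
Listen 1.1.1.1:80
Listen 127.0.0.1:8080

# Never act as a forward (open) proxy.
ProxyRequests Off

# Backend: serves the real content, reachable only via loopback.
<VirtualHost 127.0.0.1:8080>
    DocumentRoot "/var/www/html"
</VirtualHost>

# Internal interface: /test and /test/admin are both proxied to the backend.
<VirtualHost 10.1.1.1:80>
    ProxyPass        /test http://127.0.0.1:8080/test
    ProxyPassReverse /test http://127.0.0.1:8080/test
</VirtualHost>

# External interface: /test is proxied, /test/admin is not.
<VirtualHost 1.1.1.1:80>
    # The exclusion must come before the broader ProxyPass it carves out of.
    ProxyPass        /test/admin !
    ProxyPass        /test http://127.0.0.1:8080/test
    ProxyPassReverse /test http://127.0.0.1:8080/test

    # An excluded path falls back to local handling in this vhost, so deny
    # it explicitly rather than relying on the exclusion alone.
    # (Apache 2.4 equivalent: Require all denied)
    <Location /test/admin>
        Order Deny,Allow
        Deny from all
    </Location>
</VirtualHost>
```

The decision is keyed to the local address and says nothing about who the client is, so it only holds if routing to 10.1.1.1 is restricted elsewhere, as the accepted answer assumes.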
