filter access to data on Apache

Posted on 2011-03-23
Medium Priority
Last Modified: 2012-05-11
Is it possible to filter access to directories in Apache via ProxyPass or proxyPassReverse in mod proxy.

For example I have a server with two interfaces. and lets say
Anyone coming to the server from I dont want to give access to the admin interface and anyone coming from I do want to give access to the server.

Lets say the directories are test and test/admin

Question by:enigma1234567890
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 31

Expert Comment

ID: 35198035
You can achieve this simply by iptables

iptables -A INPUT -d --dport 80 -j DROP

iptables -A INPUT -d --dport 80 -j ACCEPT

Open in new window


Author Comment

ID: 35198096
sorry not using IP tables.  I was asked to do it a specisif way and want to know if its possible or not

Expert Comment

ID: 35198208
Some more info.

Lets see if I have this right.
You have an apache server with 2 nics
Nic1 has IP
Nic2 Has IP

If a user hits IP Address then allow access to test AND test/admin
If a user hits IP Address then only allow access to test and OT test/admin

You can do directory level access when you know the IP of the host
Allow from

can you have it so a know list of IP Addresses can get access to the test/admin and everyone else is denied.

eg: (this may not be 100% but you get the idea)
<Directory /path to web folder/test>
     Order Deny,Allow
     Allow from all
<Directory /path to web folder/test/admin>
     Order Deny,Allow
     Allow from <ip 1> <ip 2>


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Author Comment

ID: 35198916
Yea please not the question is can it be achieved vi mod proxy not any other method and if so how.  The explination above is fine

Expert Comment

ID: 35215478
I think m_walker had the correct answer to your question.

You configure your proxy just like a normal apache directory as he stated. The specific example used on the mod_proxy website is.

<Proxy *>
Order Deny,Allow
Deny from all
Allow from 192.168.0

If you would post your proxy configuration directives it would be simple to give you exact changes required to achieve this result.
LVL 31

Expert Comment

ID: 35220648
You may want to try something like this
RewriteCond %{REMOTE_ADDR} !^1\.1\.1\.1$

Open in new window


Accepted Solution

m_walker earned 2000 total points
ID: 35220753
farzani:  I think the filter needs to be on the apache server IP that the user hits,not the users source IP.  

eg: On my my computer I have IP Address of Then I could and since I hit the server IP then I can Access the admin folder.  But if I go to then I cant get access to the admin folder.  So the rule needs to use the apache serveres local IP.

I am assuming there are other things in place that will manage who can route to each interface, so the 10.1.1.x/24 could be the admin network.

That said I'm sure you will know how do to it :)

Author Comment

ID: 35231992
yes it is possible via mod proxy as a reverse proxy to itself.  Set it up last week

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses
Course of the Month9 days, 6 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question