I would like to configure Apache (2.2)to restrict what domains users can access e.g. if apache FQDN is myapache.myfunnydomain.com then apache will only allow requests to resources in .myfunnydomain.com (or whatever domain I configure as legal) and refuse all other requests (redirect to error page)
I use a third party product to enforce user log in, session mgt. etc. If a user tries to access a resource and they have no session the third party product will intercept, and redirect them to a login page. It will construct a URL for the login page with a 'goto' directing the user to the originally requested resource once the thrid party product has authenticated the user.
I would like to implement this on apache because:
1) It limits our dependence on the third party product
2) Attempts to configure the thrid party product to restrict 'goto' domains have proven unsuccessful