Link to home
Start Free TrialLog in
Avatar of CLR Benjamin
CLR BenjaminFlag for France

asked on

Apache - VH SYNTAX 2.4

Hi Experts,

I upgraded Apache 2.2 to 2.4, used as a proxy.

Here an example for one VH :

<VirtualHost *:80>
        Servername apps-dev.contoso.com

        <Location />
                Order Deny,Allow
                Include conf-ip/allowed-ip-contoso.conf
        </Location>

        ProxyPass / http://10.0.0.50:8091/
        ProxyPassReverse / http://10.0.0.50:8091/
</VirtualHost>

Open in new window


How to have the correct syntax with the "require" command?  

I tried Required ip... but not working.
How can we replace "Include conf-ip/allowed-ip-contoso.conf" with the correct syntax?
I tried Required ip conf-ip/allowed-ip-contoso.conf... but not working.

EDIT1 : Include working! But the problem come from the allowed-ip-contoso.conf :

Order deny,allow

Deny from all


#############################  
## ALLOW IP ##
#############################  
Allow from 172.17.17.0/24
Allow from 13.108.0.0/14
Allow from 96.43.144.0/20
Allow from 136.146.0.0/15
Allow from 204.14.232.0/21


What is the correct syntax for 2.4?

Thank you
Avatar of David Favor
David Favor
Flag of United States of America image

There is a syntax change.

The following is what I use for sites...

      DocumentRoot /sites/$project/$site/wordpress

      <Directory /sites/$project/$site/wordpress>
          Options +Indexes +FollowSymLinks
          AllowOverride All 
          Require all granted
      </Directory>

Open in new window


Note: If your proxy is FPM to run PHP, most distros take care of this for you with a /etc/apache2/conf-enabled/php7.3-fpm.conf file or something similar.

Be sure to check, because if your Distro packaging also contains proxy stanzas, then the duplication in your site config file will conflict with packaging config file.
Avatar of CLR Benjamin

ASKER

Thanks for your answer, I don't know if I understand what you said.

I just need to allow 192.168.0.0/16 172.19.0.0/16 to access the site.

I tried in the allowed_ip.conf :

<RequireAll>
    Require all denied
    Require ip 192.168.0.0/16
    Require ip 172.19.0.0/16
</RequireAll>

And it's not working.
Which module should be run on the server?
It seems that the "Require IP" not working at all...
I have this error when I put require IP XXX.XXX.XXX.XXX :
Forbidden You don't have permission to access / on this server.

Open in new window


When I put Require all granted, the site is opened everywhere...
Maybe I have something wrong on my configuration.

Tell me if you need logs.
ASKER CERTIFIED SOLUTION
Avatar of CLR Benjamin
CLR Benjamin
Flag of France image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial