httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Rush <da...@rushtone.com>
Subject [users@httpd] Securing some URLs at my Reverse Proxy
Date Thu, 18 Mar 2010 16:26:25 GMT
I've got a reverse proxy setup using httpd 2.2.8 (on Windoze) on both 
the rev proxy and the internal (origin) server, along with Tomcat on the 
origin server with a couple webapps (as .war files) supporting the site.

Most of the application is at or near the root (/) of the origin server 
(/index.html, etc.).

One of the Tomcat webapps has some URL paths that must be accessible to 
the public, but others that should not.

So at the rev proxy server, I'd like to be able to lock out some URLs.

More specifically, I want to allow all access to / and below, except for 
one particular path prefix (/foo) while allowing a handful of specific 
paths down the otherwise denied path prefix.

So allow:
/
/a
/a/*
and deny
/foo and /foo/*
while allowing /foo/b/c/*

I've had some success with:
ProxyPass /foo/b/c/ http://origin:88/foo/b/c/
ProxyPassReverse /foo/b/c/ http://origin:88/foo/b/c/
ProxyPass /foo !
ProxyPass / http://origin:88/
ProxyPassReverse / http://origin:88/

But then requests to /foo/* "fall through" and the proxy tries to serve 
them from its local documents (which don't generally exist, but still 
it's messy and a bit disconcerting that this is allowing folks to poke 
around).

Any suggestions on the best way to do this?

David

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message