httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Schulman <and...@alumni.utexas.net>
Subject [users@httpd] Re: MOD_PROXY and Access Control by IP
Date Fri, 19 Nov 2010 19:18:08 GMT
> I've been able to secure each proxy with this model:
> <Proxy http://*/App1/*>
>     Order Deny,Allow
>     #Permit IT
>     Allow from 10.1.0.0/24
>     #Permit Team1
>     Allow from 10.1.1.0/24
>     Deny from all
> </Proxy>
> 
> Is there a way we can define access once for the IT Subnet (10.1.0.0/24) once instead
of per App?

One way would be

SetEnvIf Remote_Host ^10\.1\.0\. allow_IT
<Proxy http://*/App1/*>
    Order Deny,Allow
    #Permit IT
    Allow from env=allow_IT
    #Permit Team1
    Allow from 10.1.1.0/24
    Deny from all
</Proxy>

With this method you still have to include an Allow from env=allow_IT
inside every <Proxy> stanza, but at least you only have to specify their IP
address in one place.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message