httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeroen Geilman <jer...@adaptr.nl>
Subject Re: [users@httpd] mod_rewrite access control configuration
Date Sat, 14 Jan 2012 17:46:37 GMT
On 01/14/2012 09:35 AM, Asplund Marko wrote:
> Hi,
>
> I'm using Apache httpd to act as a reverse proxy and I'd like to block
> access to all but explicitly listed resources.
> I've come up with two possible solutions that i'd like to check with more
> experienced mod_rewrite users.
>
> Is there any difference between the two approaches below from performance
> or other points of view?
> I expect the set of allowed resources to be probably below 30.
> I'm also planning on employing other Apache modules in the proxy such as
> mod_cache and possibly mod_security.
>
> # method A: one rule with several conditions.
> # allow access to resources starting with /foo/, /bar/ or /baz/; block
> others
> RewriteCond %{REQUEST_URI} ^/foo/ [OR]
> RewriteCond %{REQUEST_URI} ^/bar/ [OR]
> RewriteCond %{REQUEST_URI} ^/baz/
> RewriteRule  ^ - [P]
>
> RewriteRule ^ - [F]
>
> # method B, multiple rules without conditions
>
> # allow access to resources starting with /foo/, /bar/ or /baz/; block
> others
> RewriteRule ^/foo/ - [P]
> RewriteRule ^/bar/ - [P]
> RewriteRule ^/baz/ - [P]
> RewriteRule ^ - [F]
>
>
> All requests are currently proxied to the backend server simply using:
>
>
> ProxyPass / ajp://127.0.0.1:8009/
>
>

Rewrite and Proxypass are not related.
Why exactly are you using RewriteRules for this ?

-- 
J.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message