On Sat, Jan 14, 2012 at 8:35 AM, Asplund Marko <marko.asplund@xxxxxxxxxx> wrote:
> Hi,
>
> I'm using Apache httpd to act as a reverse proxy and I'd like to block
> access to all but explicitly listed resources.
> I've come up with two possible solutions that i'd like to check with more
> experienced mod_rewrite users.
>
> Is there any difference between the two approaches below from performance
> or other points of view?
> I expect the set of allowed resources to be probably below 30.
> I'm also planning on employing other Apache modules in the proxy such as
> mod_cache and possibly mod_security.
>
> # method A: one rule with several conditions.
> # allow access to resources starting with /foo/, /bar/ or /baz/; block
> others
> RewriteCond %{REQUEST_URI} ^/foo/ [OR]
> RewriteCond %{REQUEST_URI} ^/bar/ [OR]
> RewriteCond %{REQUEST_URI} ^/baz/
> RewriteRule ^ - [P]
>
> RewriteRule ^ - [F]
>
> # method B, multiple rules without conditions
>
> # allow access to resources starting with /foo/, /bar/ or /baz/; block
> others
> RewriteRule ^/foo/ - [P]
> RewriteRule ^/bar/ - [P]
> RewriteRule ^/baz/ - [P]
> RewriteRule ^ - [F]
>
>
> All requests are currently proxied to the backend server simply using:
>
>
> ProxyPass / ajp://127.0.0.1:8009/
>
>
> marko
>
If you don't want to proxy certain URLs, then instruct mod_proxy not
to proxy them:
ProxyPass /foo !
ProxyPass /bar !
ProxyPass /baz !
ProxyPass / ajp://127.0.0.1:8009/
No need to be messing with rewrite rules.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|