Re: HTTP_REFERER and Access Control (Apache Users)

Re: HTTP_REFERER and Access Control

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: users@xxxxxxxxxxxxxxxx

Subject: Re: HTTP_REFERER and Access Control

From: David Ecker <david@xxxxxxxxxxxxxxxxx>

Date: Fri, 11 Oct 2013 17:11:06 +0200

In-reply-to: <CADk=A+tZf9zAC_Qy7HuG8+krQN8y4sxYK0g3cHR9z-8HGgcdnA@mail.gmail.com>

Reply-to: users@xxxxxxxxxxxxxxxx

User-agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

Hi,

you could use host based access control giving full access to the server applications.examle.com:

http://httpd.apache.org/docs/2.2/howto/access.html

The problem is that the request to secure.example.com has to come from applications.example.com and not from the client browser. You could use mod_proxy directives for that.

For example on the application webserver:
ProxyPass /secure http://secure.example.com/
ReverseProxyPass /secure http://secure.example.com/

With that every browser accessing http://application.example.com/secure will actually get the content of http://secure.example.com.

But that only works if you did set host based access rules as in the above link.

bye
David

Am 11.10.2013 16:58, schrieb Philippe Marcoussis:

Hello,

I am facing a problem, and i don't known how to solve it.

I have two web sites working and available on the internet :

- applications.example.com

- secure.example.com

I would like :

1) to allow FULL access FROM applications.example.com TO secure.example.com ( without any authentication)

AND

2) to allow access FROM Internet TO secure.example.com only with LDAP Authentification.

PS: I know how to configure ldap authentication, that is not the matter

What apache directive should I use ? mod_rewrite ? http_referer ?

Thanks,

References:

HTTP_REFERER and Access Control
- From: Philippe Marcoussis