Re: MOD_PROXY and Access Control by IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> I've been able to secure each proxy with this model:
> <Proxy http://*/App1/*>
>     Order Deny,Allow
>     #Permit IT
>     Allow from 10.1.0.0/24
>     #Permit Team1
>     Allow from 10.1.1.0/24
>     Deny from all
> </Proxy>
> 
> Is there a way we can define access once for the IT Subnet (10.1.0.0/24) once instead of per App?

One way would be

SetEnvIf Remote_Host ^10\.1\.0\. allow_IT
<Proxy http://*/App1/*>
    Order Deny,Allow
    #Permit IT
    Allow from env=allow_IT
    #Permit Team1
    Allow from 10.1.1.0/24
    Deny from all
</Proxy>

With this method you still have to include an Allow from env=allow_IT
inside every <Proxy> stanza, but at least you only have to specify their IP
address in one place.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux