Posted to users@httpd.apache.org by Todd Simons <ts...@delphi-tech.com> on 2009/03/04 22:40:36 UTC

[users@httpd] MOD_PROXY Reverse Proxy - control URI access by client IP Address

Hello All

We are using Apache as a reverse proxy solution.   We present the apache
to the public, then have a few back end webservers that it re-writes.

We'd like to utilize one public hostname "http://webservers.domain.com"
to rewrite different web apps, but control the access to the web app by
ip address, similar to an "allow from" on a directory.

Is this possible?

For example:
	#this should only be available to 10.5.1.0/24
	ProxyPass /dev5/app1/ http://internalhost5/dev5/app1/
	ProxyPassReverse /dev5/app1/ http://internalhost5/dev5/app1/

	#this should only be available to 10.3.2.0/24
	ProxyPass /dev3/app2/ http://internalhost3/dev3/app2/
	ProxyPassReverse /dev3/app2/ http://internalhost3/dev3/app2/

Is this possible?

~Todd

## Scanned by Delphi Technology, Inc. ##

RE: [users@httpd] RE: [dtiSPAM] - Re: [users@httpd] MOD_PROXY Reverse Proxy - Email has different SMTP TO: and MIME TO: fields in the email addresses

Posted by Todd Simons <ts...@delphi-tech.com>.
My outlook uses TOFU

Thanks,
~Todd

-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: Thursday, March 05, 2009 10:19 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] RE: [dtiSPAM] - Re: [users@httpd] MOD_PROXY Reverse Proxy - Email has different SMTP TO: and MIME TO: fields in the email addresses

On Thu, Mar 5, 2009 at 9:27 AM, Todd Simons <ts...@delphi-tech.com> wrote:
> So then how would I do it?  Is it possible?

Are you intentionally creating new threads for each response, or is it
something your mail client / infrastructure is causing?

It would also help your issue get attention if you selectively quoted
and responded in-line.

http://en.wikipedia.org/wiki/Posting_style#Top-posting

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




Re: [users@httpd] RE: [dtiSPAM] - Re: [users@httpd] MOD_PROXY Reverse Proxy - Email has different SMTP TO: and MIME TO: fields in the email addresses

Posted by Eric Covener <co...@gmail.com>.
On Thu, Mar 5, 2009 at 9:27 AM, Todd Simons <ts...@delphi-tech.com> wrote:
> So then how would I do it?  Is it possible?

Are you intentionally creating new threads for each response, or is it
something your mail client / infrastructure is causing?

It would also help your issue get attention if you selectively quoted
and responded in-line.

http://en.wikipedia.org/wiki/Posting_style#Top-posting

-- 
Eric Covener
covener@gmail.com



[users@httpd] RE: [dtiSPAM] - Re: [users@httpd] MOD_PROXY Reverse Proxy - Email has different SMTP TO: and MIME TO: fields in the email addresses

Posted by Todd Simons <ts...@delphi-tech.com>.
So then how would I do it?  Is it possible?

-----Original Message-----
From: Peter Schober [mailto:peter.schober@univie.ac.at] 
Sent: Thursday, March 05, 2009 3:37 AM
To: users@httpd.apache.org
Subject: [dtiSPAM] - Re: [users@httpd] MOD_PROXY Reverse Proxy - Email
has different SMTP TO: and MIME TO: fields in the email addresses

* Todd Simons <ts...@delphi-tech.com> [2009-03-05 02:39]:
> I assume that I would build a <directory> to match the
> ProxyPass/ProxyPassReverse path statements?
[..]
> I tried this and it didn't work.

http://httpd.apache.org/docs/2.2/en/mod/core.html#directory
"Enclose a group of directives that apply only to the named
file-system directory and sub-directories"

The local path to the ProxyPass is not part of your file system.

cheers,
-peter

-- 
peter.schober@univie.ac.at - vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140



Re: [users@httpd] MOD_PROXY Reverse Proxy

Posted by Peter Schober <pe...@univie.ac.at>.
* Todd Simons <ts...@delphi-tech.com> [2009-03-05 02:39]:
> I assume that I would build a <directory> to match the
> ProxyPass/ProxyPassReverse path statements?
[..]
> I tried this and it didn't work.

http://httpd.apache.org/docs/2.2/en/mod/core.html#directory
"Enclose a group of directives that apply only to the named
file-system directory and sub-directories"

The local path to the ProxyPass is not part of your file system.

cheers,
-peter

-- 
peter.schober@univie.ac.at - vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140



Re: [users@httpd] MOD_PROXY Reverse Proxy

Posted by Todd Simons <ts...@delphi-tech.com>.
Nick-
I assume that I would build a <directory> to match the ProxyPass/ProxyPassReverse path statements?
 
I tried this and it didn't work.
 
~Todd
 
______________________________________
Todd M. Simons
Lead IT Engineer
Delphi Technology, Inc
New Brunswick, NJ

________________________________

From: Nick Kew [mailto:nick@webthing.com]
Sent: Wed 3/4/2009 5:08 PM
To: users@httpd.apache.org
Subject: [dtiSPAM] - Re: [users@httpd] MOD_PROXY Reverse Proxy - control URI access by client IP Address - Email has different SMTP TO: and MIME TO: fields in the email addresses



On Wed, 4 Mar 2009 16:40:36 -0500
"Todd Simons" <ts...@delphi-tech.com> wrote:

> For example:
>       #this should only be available to 10.5.1.0/24
>       ProxyPass /dev5/app1/ http://internalhost5/dev5/app1/
>       ProxyPassReverse /dev5/app1/ http://internalhost5/dev5/app1/
>
>       #this should only be available to 10.3.2.0/24
>       ProxyPass /dev3/app2/ http://internalhost3/dev3/app2/
>       ProxyPassReverse /dev3/app2/ http://internalhost3/dev3/app2/
>
> Is this possible?

See the mod_authz_host page.

--
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/


Re: [users@httpd] MOD_PROXY Reverse Proxy - control URI access by client IP Address

Posted by Nick Kew <ni...@webthing.com>.
On Wed, 4 Mar 2009 16:40:36 -0500
"Todd Simons" <ts...@delphi-tech.com> wrote:

> For example:
> 	#this should only be available to 10.5.1.0/24
> 	ProxyPass /dev5/app1/ http://internalhost5/dev5/app1/
> 	ProxyPassReverse /dev5/app1/ http://internalhost5/dev5/app1/
> 
> 	#this should only be available to 10.3.2.0/24
> 	ProxyPass /dev3/app2/ http://internalhost3/dev3/app2/
> 	ProxyPassReverse /dev3/app2/ http://internalhost3/dev3/app2/
> 
> Is this possible?

See the mod_authz_host page.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/



Re: [users@httpd] RE: [dtiSPAM] - Re: [users@httpd] MOD_PROXY Reverse Proxy - control URI access by client IP Address - Email has different SMTP TO: and MIME TO: fields in the email addresses

Posted by Peter Schober <pe...@univie.ac.at>.
* Todd Simons <ts...@delphi-tech.com> [2009-03-05 00:25]:
> Please confirm:
> 
> <location /dev3/app2>
> 	Allow from 10.3.2.0/24
> 	ProxyPass /dev3/app2/ http://internalhost3/dev3/app2/
> 	ProxyPassReverse /dev3/app2/ http://internalhost3/dev3/app2/
> </location>
> 
> ...when I made this modification, my apache fails to start

Make sure you use `apachectl -t` to test your config.
And that's not how it works:

> See the end of the ProxyPass directive docs at
> http://httpd.apache.org/docs/2.2/en/mod/mod_proxy.html#proxypass

where it says:

  "When used inside a <Location> section, the first argument is
  omitted and the local directory is obtained from the <Location>."

cheers,
-peter

-- 
peter.schober@univie.ac.at - vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140
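
The configuration the reply above points to, written out as an added example that is not part of the original thread: each `ProxyPass` sits inside its own `<Location>` with the first argument omitted, next to the address restriction. It uses Apache 2.2 syntax and the hostnames, paths and subnets from the original question; the `Order` and `Deny from all` lines are an addition, since `Allow from` on its own leaves the default of permitting everyone in place.

```apache
# Added example (Apache httpd 2.2 syntax, matching the docs linked in the thread).
# Hostnames, paths and subnets are the ones from the original question.

# /dev5/app1/ is reachable only from 10.5.1.0/24
<Location /dev5/app1/>
    # "Allow from" alone does not restrict anything: under the default
    # "Order Deny,Allow", clients matching no directive are permitted.
    # The explicit "Deny from all" turns the Allow line into an allow-list.
    # The address compared is the peer address httpd sees on the connection.
    Order Deny,Allow
    Deny from all
    Allow from 10.5.1.0/24

    # Inside <Location> the first (local path) argument is omitted;
    # the path is taken from the enclosing <Location>.
    ProxyPass http://internalhost5/dev5/app1/
    ProxyPassReverse http://internalhost5/dev5/app1/
</Location>

# /dev3/app2/ is reachable only from 10.3.2.0/24
<Location /dev3/app2/>
    Order Deny,Allow
    Deny from all
    Allow from 10.3.2.0/24

    ProxyPass http://internalhost3/dev3/app2/
    ProxyPassReverse http://internalhost3/dev3/app2/
</Location>
```

Run `apachectl -t` before restarting to catch syntax errors. On httpd 2.4 the three access-control lines in each block are replaced by a single `Require ip` line with the same subnet.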



[users@httpd] RE: [dtiSPAM] - Re: [users@httpd] MOD_PROXY Reverse Proxy - control URI access by client IP Address - Email has different SMTP TO: and MIME TO: fields in the email addresses

Posted by Todd Simons <ts...@delphi-tech.com>.
Please confirm:

<location /dev3/app2>
	Allow from 10.3.2.0/24
	ProxyPass /dev3/app2/ http://internalhost3/dev3/app2/
	ProxyPassReverse /dev3/app2/ http://internalhost3/dev3/app2/
</location>

...when I made this modification, my apache fails to start

-----Original Message-----
From: Peter Schober [mailto:peter.schober@univie.ac.at] 
Sent: Wednesday, March 04, 2009 5:59 PM
To: users@httpd.apache.org
Subject: [dtiSPAM] - Re: [users@httpd] MOD_PROXY Reverse Proxy - control
URI access by client IP Address - Email has different SMTP TO: and MIME
TO: fields in the email addresses

* Todd Simons <ts...@delphi-tech.com> [2009-03-04 22:41]:
> We'd like to utilize one public hostname "http://webservers.domain.com"
> to rewrite different web apps, but control the access to the web app by
> ip address, similar to an "allow from" on a directory.

You could wrap the ProxyPasses in <Location> elements and put the
'Allow from 10.5.1.0/24' etc. in there. See the end of the ProxyPass
directive docs at
http://httpd.apache.org/docs/2.2/en/mod/mod_proxy.html#proxypass
Proceed likewise for ProxyPassReverse.

cheers,
-peter



Re: [users@httpd] MOD_PROXY Reverse Proxy - control URI access by client IP Address

Posted by Peter Schober <pe...@univie.ac.at>.
* Todd Simons <ts...@delphi-tech.com> [2009-03-04 22:41]:
> We'd like to utilize one public hostname "http://webservers.domain.com"
> to rewrite different web apps, but control the access to the web app by
> ip address, similar to an "allow from" on a directory.

You could wrap the ProxyPasses in <Location> elements and put the
'Allow from 10.5.1.0/24' etc. in there. See the end of the ProxyPass
directive docs at http://httpd.apache.org/docs/2.2/en/mod/mod_proxy.html#proxypass
Proceed likewise for ProxyPassReverse.

cheers,
-peter
