Only allow ProxyPass for some IP's

The answer should be as follows. I have included an IP and a subnet in one rule, for those who need to allow a whole subnet rather than a set of single IPs.

<Location /foo>
    Deny from all                       // **This rule is the most IMPORTANT**    
    Allow from 192.168.1.2 10.100       // The second value implies 10.100.0.0/16 subnet
    ProxyPass http://example.com/foo
    ProxyPassReverse http://example.com/foo
</Location>

<Location /bar>
    Allow from 1.2.3.4 2.3.4.5 ...
    ProxyPass http://example.com/bar
    ProxyPassReverse http://example.com/bar
</Location>

Note the first argument to ProxyPass and ProxyPassReverse is implied here to be the target of the location block.

I think you can use a SetEnvIf directive checking the Remote Address (Remote_Addr).

With one IP:

SetEnvIf Remote_Addr "123.123.123.123" TRUST=yes

Checking multiple IPs with regular expression

SetEnvIf Remote_Addr "123\.123\.123\.123|134\.134\.(134\.(134|134)|134\.134)" TRUST=yes

I'm not sure you can do directly this:

ProxyPass /foo http://example.com/foo env=TRUST

But probably you can work with Rewrite Rules and obtain the same result...

For example you can rewrite to a particular page all the IP that are not trusted (env=!TRUST)

Hope it helps.

Only allow ProxyPass for some IP's

Tags:

Reverse Proxy

Apache 2.2

Related

Recent Posts