I am triying to set up a data server that restrict the access to the public but allows access from a host or domain, but at the same time I need to enable CORS, this is what I tried in my virtualhost configuration:
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/html/data
ServerAdmin admin@example.org
ServerName data.example.org
<Directory /var/www/html/data/>
AllowOverride none
Require all denied
</Directory>
<Directory /var/www/html/data/client.com/>
AllowOverride none
Require host client.com
Header set Access-Control-Allow-Origin *
</Directory>
ErrorLog ${APACHE_LOG_DIR}/data-error.log
CustomLog ${APACHE_LOG_DIR}/data-access.log common
SSLCertificateFile /etc/letsencrypt/live/data.example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/data.example.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Also I tried this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/html/data
ServerAdmin admin@example.org
ServerName data.example.org
<Directory /var/www/html/data>
AllowOverride none
Require all denied
</Directory>
<Directory /var/www/html/data/client.com>
AllowOverride none
Require host client.com
</Directory>
<Location /client.com>
Header set Access-Control-Allow-Origin: *
</Location>
ErrorLog ${APACHE_LOG_DIR}/data-error.log
CustomLog ${APACHE_LOG_DIR}/data-access.log common
SSLCertificateFile /etc/letsencrypt/live/data.example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/data.example.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
And I tried this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/html/data
ServerAdmin admin@example.org
ServerName data.example.org
<Location />
AllowOverride none
Require all denied
</Location>
<Location /client.com>
AllowOverride none
Require host client.com
</Location>
<Directory /var/www/html/data/client.com/>
Header set Access-Control-Allow-Origin: *
</Directory>
ErrorLog ${APACHE_LOG_DIR}/data-error.log
CustomLog ${APACHE_LOG_DIR}/data-access.log common
SSLCertificateFile /etc/letsencrypt/live/data.example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/data.example.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
The Auth directives with Requiere works fine, but the header directive only works with Require all granted at the second directory directive.
¿What I am doing wrong? Thanks for your kindly answers.
