0

I want to restrict certain domains from accessing services on my app server. For example; mydomain.com/sensitiveInformationServlet

I want to create a filter on my Apache server which will match all requests for this servlet and check the domain and if trusted allow access.

What is the best way to do this? Initially i thought i could create a Virtual host and then apply the mod_authz_host module however the virtual host can only map to a domain and port and ignores everything after the port.

Any suggestions? This is how far i got

<VirtualHost mydomain>
    <Location />
       Order Deny,Allow
       Deny from all
       Allow from mydomain.com some.trusteddomain.com
    </Location>
</VirtualHost>

This will block access to the entire site and not just the sensitiveInformationServlet servlet

cdugga
  • 105
  • 1
  • 5

1 Answers1

0

So specify it.

<VirtualHost *:80>
    DocumentRoot /your/fancy/web/site
    <Location /SensitiveInformationURL>
       Order Deny,Allow
       Deny from all
       Allow from specific.IP.range.to.prevent.expensive.lookups.
    </Location>
</VirtualHost>

Matching clients by domain is expensive since it requires a PTR lookup for every request.
I also corrected your faulty VirtualHost.

adaptr
  • 16,479
  • 21
  • 33