How to restrict particular URL using Apache ajp Reverse Proxy

Question

I'm using Apache Reverse Proxy, following is some of Apache Virtual Host configuration:

    ProxyRequests Off
    <Proxy *>
            AddDefaultCharset off
            Order deny,allow
            Allow from all
    </Proxy>
    ProxyVia On
    ProxyRequests Off
    ProxyPreserveHost On
    proxyPass /        ajp://127.0.0.1:8009/

Now I want to restrict request url like http://example.com/admin/tools in such a way that it should allow to access from particular IP address only. How can I achieve this ?

EDIT:

As of above requirement this answer is working fine, Suppose I want allow to access admin URL from one or two IP's and rest IP's I want to redirect to index page instead of showing forbidden error, how can I get this ?

score 2 · Answer 1 · answered Mar 31 '13 at 11:48

2

What version of apache are you using? One way to restrict access to resources based on the URL is to use

For example:

<Location /admin/tools>
  Order Deny,Allow
  Deny from all
  Allow from 192.168.1.34
</Location>

answered Mar 31 '13 at 11:48

Krist van Besien

1,832
13
16

I'm using Apache2.2 on Ubuntu, I'll try how you have suggested,Thanks Krist – Mahesh.D Apr 03 '13 at 10:06

score 1 · Answer 2 · edited Sep 07 '22 at 01:00

As of above requirement this answer is working fine, Suppose I want allow to access admin URL from one or two IP's and rest IP's I want to redirect to index page instead of showing forbidden error, how can I get this ?

To expand on krist-van-besien's answer, you can do that with the help of ErrorDocument for 403 Forbidden like this:

<Location /admin/tools>
    Order Deny,Allow
    Deny from all
    Allow from 192.168.1.34
    ErrorDocument 403 /index.php
</Location>

Please note, that the user should have permissions to view the page you're redirecting him to. For more info you can check this question: Allowing blocked IP to view 403 ErrorDocument

Further reading:

Apache HTTPD Location Directive
Apache HTTPD Order Deny,Allow

score 0 · Answer 3 · edited Sep 07 '22 at 21:27

To expand on this scenario to apply to a RESTful web service endpoint vs. calling the endpoint from a web page.

Is there a way to proxy requests from a local server's web page and forward them to the web service address along with allowing local internal network requests (developers) access to the web service endpoint, yet still restrict direct external WS endpoint requests?

For example, if the web service is running on Tomcat (port 8080) and we are using mod_proxy to redirect the apache requests from the web page on port 80 -> tomcat:8080/webservice in our web page service calls.

<Location /admin/tools>
    Order Deny,Allow
    Deny from all
    Allow from localhost
    Allow from 127.0.0.1
    Allow from *local.domain.com
</Location>
ProxyPass        /admin/tools http://localhost:8080/admin/tools
ProxyPassReverse /admin/tools http://localhost:8080/admin/tools

When I try this, it locks the entire WS endpoint access including the web page request going the the proxy pass endpoint.

How to restrict particular URL using Apache ajp Reverse Proxy

3 Answers3