
I have a website which is protected by Allow from IP filter but there is one specific subset of URLs which I would like to be open for everyone.

dev.someweb.com should be available only from specific IP addresses.

dev.someweb.com/api/v1/<anything here> should be available to everyone and with all methods - GET, POST etc.

Here is my current httpd.conf example:

    <VirtualHost *:80>
        DocumentRoot /home/webroot/devsite/public
        ServerName   dev.someweb.com
        <Directory /home/webroot/devsite/public>
            SetEnvIf REQUEST_URI "/api/v1/" allowapi=1
            Order deny,allow
            Deny from all
            Allow from 192.168.1.0
            # this does not work, dev.someweb.com/api/v1/someresource still fails with 403 if accessing from another IP
            Allow from env=allowapi
            AllowOverride All
        </Directory>
        ErrorLog /home/webroot/devsite/tmp/log/error_log
    </VirtualHost>

I tried moving SetEnvIf to different places - still it does not work, dev.someweb.com/api/v1/someresource is always forbidden outside of 192.168.1.0.

Just in case - I'm restarting Apache after all changes and I do not see any errors in its log file.

What am I doing wrong?

JustAMartin

1 Answer


There is no need to use setenv, just add a new directory allowing access:

    <Directory /home/webroot/devsite/public/api/v1/>
        Order deny,allow
        Allow from all
    </Directory>

If it is a virtual URI path then use `<Location /api/v1/>` instead of `<Directory>`.

Unbeliever
  • Just tried `<Location /api/v1/>Order deny,allow Allow from all` after my current `Directory` IP filter but still getting 403. The only way which works is with `SetEnvIf User-Agent MyPassThroughAgentString allowagent=1` and `Allow from allowagent` – JustAMartin Nov 15 '16 at 11:47
  • I'm afraid you may have conflicting configuration. I've tested both `<Directory>` and `<Location>` solutions on a simple test server and both work fine. Also, explicitly clear your browser cache or use a command-line tool to test. – Unbeliever Nov 15 '16 at 12:06
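
The question's IP filter and the answer's `<Location>` exception combined in one virtual host, as an added example that is not from either poster. The `/24` range (assuming the whole subnet is meant) and the `<IfModule>` switch between Apache 2.2 and 2.4 syntax are assumptions; paths and host name are the question's.

```apache
<VirtualHost *:80>
    DocumentRoot /home/webroot/devsite/public
    ServerName   dev.someweb.com
    ErrorLog     /home/webroot/devsite/tmp/log/error_log

    # Default policy for the whole site: internal network only.
    <Directory /home/webroot/devsite/public>
        AllowOverride All

        <IfModule !mod_authz_core.c>
            # Apache 2.2 syntax
            Order deny,allow
            Deny from all
            Allow from 192.168.1.0/24
        </IfModule>
        <IfModule mod_authz_core.c>
            # Apache 2.4 syntax
            Require ip 192.168.1.0/24
        </IfModule>
    </Directory>

    # Exception: the API is open to everyone, for every method.
    # <Location> sections are merged after <Directory> sections, so this
    # policy replaces the IP filter for URL paths that begin with /api/v1/.
    # Unlike the unanchored SetEnvIf pattern "/api/v1/", a <Location> prefix
    # does not match paths that merely contain /api/v1/ further along.
    <Location /api/v1/>
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Allow from all
        </IfModule>
        <IfModule mod_authz_core.c>
            Require all granted
        </IfModule>
    </Location>

    # If the SetEnvIf approach is kept instead, anchor the pattern:
    #   SetEnvIf Request_URI "^/api/v1/" allowapi=1
</VirtualHost>
```

Run `apachectl configtest` before restarting. Because `AllowOverride All` is set, an `.htaccess` file under the document root can add its own access rules, so check it if requests to `/api/v1/` still return 403.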