Allow only selected domain to access http centos

Question

I have apache traffic server which caches my webapp and its connected to a CDN. I have to reject all http requests other than my CDN.

IPTABLES rules can't do anything because, as of my knowledge, it won't deal with domain names. hosts.allow and hosts.deny also a no-go.

is there any way to natively block all other http traffic. I don't want to install any third party app because I don't want additional load for my server.

Thank you

Can't you simply block all traffic at the vhost level, except the ones from the CDN? — Vladimir, Apr 19 '17 at 11:34
Most, if not all, CDN's make their IP-ranges available (to their customers if not the general public) allowing you to create IP-address based whitelists in your firewall... — HBruijn, Apr 19 '17 at 19:24
Yeah, did that. But I was looking for some do and forget solution. Thanks though. — Rajesh Rajendran, Apr 19 '17 at 19:27

score 0 · Answer 1 · answered Apr 19 '17 at 11:49

0

One way is to deny everything other than the CDN server nodes to your docroot, or whatever you need protected:

<Directory /home/yourdocroot>
allow from x.x.x.x
allow from x.x.y.y
deny from all
</Directory>

answered Apr 19 '17 at 11:49

Vladimir

321
1
12

its not apache WEB server, but TRAFFIC server. – Rajesh Rajendran Apr 19 '17 at 11:54
Oh! Sorry about that! Then I guess you should take a look at https://docs.trafficserver.apache.org/en/latest/admin-guide/files/ip_allow.config.en.html – Vladimir Apr 19 '17 at 12:08

Allow only selected domain to access http centos

1 Answers1