httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Ecker <da...@ecker-software.de>
Subject Re: [users@httpd] HTTP_REFERER and Access Control
Date Fri, 11 Oct 2013 15:11:06 GMT
Hi,

you could use host based access control giving full access to the server 
applications.examle.com:

http://httpd.apache.org/docs/2.2/howto/access.html

The problem is that the request to secure.example.com has to come from 
applications.example.com and not from the client browser. You could use 
mod_proxy directives for that.

For example on the application webserver:
ProxyPass /secure http://secure.example.com/
ReverseProxyPass /secure http://secure.example.com/

With that every browser accessing http://application.example.com/secure 
will actually get the content of http://secure.example.com.

But that only works if you did set host based access rules as in the 
above link.

bye
David

Am 11.10.2013 16:58, schrieb Philippe Marcoussis:
> Hello,
>
> I am facing a problem, and i don't known how to solve it.
>
> I have two web sites working and available on the internet :
> - applications.example.com <http://applications.example.com>
> - secure.example.com <http://secure.example.com>
>
> I would like :
> 1) to allow FULL access FROM applications.example.com 
> <http://applications.example.com> TO secure.example.com 
> <http://secure.example.com>  ( without any authentication)
>
> AND
>
> 2)  to allow access FROM Internet TO secure.example.com 
> <http://secure.example.com> only with LDAP Authentification.
> PS: I know how to configure ldap authentication, that is not the matter
>
> What apache directive should I use ? mod_rewrite ? http_referer ?
>
> Thanks,
>
>
>
>
>


Mime
View raw message