Apache/Restrict


Restrict Directory Alias

# /etc/httpd/conf.d/vhostalias.conf

# Publish /var/www/docs/ under the URL path /docs, open to every client.
Alias /docs "/var/www/docs/"
<Directory "/var/www/docs">
    # Indexes: a directory listing is generated when no index file exists, so
    # every file placed under this tree is discoverable by any visitor.
    # FollowSymLinks: symlinks are followed, including ones whose target lies
    # outside /var/www/docs.
    Options Indexes MultiViews FollowSymLinks
    # .htaccess files are ignored; the policy for this tree lives only here.
    AllowOverride None
    # Order allow,deny: Allow rules are evaluated before Deny rules, and a
    # client matching neither is denied. "Allow from all" then admits everyone.
    # NOTE(review): Order/Allow/Deny is the httpd 2.2 syntax; on 2.4 it is only
    # available through mod_access_compat, and the native form is
    # "Require all granted". Confirm the server version before switching.
    Order allow,deny
    Allow from all
</Directory>

# Publish /var/www/soft/ under the URL path /soft, limited to listed client addresses.
Alias /soft "/var/www/soft/"
<Directory "/var/www/soft">
    # Indexes lists the directory for allowed clients; FollowSymLinks means a
    # symlink inside this tree is served under the same policy even if its
    # target lies elsewhere on the filesystem.
    Options Indexes MultiViews FollowSymLinks
    # .htaccess files are ignored, so the allow-list below cannot be overridden
    # from inside the content tree.
    AllowOverride None
    # Order Deny,Allow: Deny rules are evaluated first and a matching Allow
    # then overrides them. With "Deny from all" this forms an allow-list.
    Order Deny,Allow
    Deny from all
    # A partial address matches on its leading octets: 100.43.0 and 192.168.0
    # each cover a /24.
    # NOTE(review): 100.43.0.x is neither RFC 1918 private space nor the
    # RFC 6598 shared range (100.64.0.0/10); confirm this prefix is intended.
    # NOTE(review): the match is made on the address httpd sees for the
    # connection; if a proxy or NAT sits in front, that is the device's
    # address, not the end user's. Verify against the deployment.
    Allow from ::1
    Allow from 100.43.0
    Allow from 127.0.0.1
    Allow from 192.168.0
</Directory>

Restrict Reverse Proxy

# /etc/httpd/conf.d/httpd-proxy.conf
# /etc/httpd/conf.modules.d/00-proxy.conf

# Reverse proxy for three local backends; every proxied request is limited to
# the client addresses listed in the <Proxy *> section.
# No TLS directives appear in this vhost: it listens on port 80 only.
<VirtualHost *:80>
    # Forward the client's Host header to the backend instead of the backend's
    # own host:port.
    ProxyPreserveHost On
    # Forward (open) proxying stays disabled; only the ProxyPass mappings below
    # are proxied.
    ProxyRequests Off
    # Requests whose path contains an encoded slash (%2F) are refused.
    AllowEncodedSlashes Off
    ServerName dev.chorke.org
    ServerAlias uat.chorke.org

    # Applies to all proxied content in this vhost. Order Deny,Allow with
    # "Deny from all" makes the Allow lines an allow-list.
    # NOTE(review): 100.43.0 matches 100.43.0.0/24, which is neither RFC 1918
    # private space nor the RFC 6598 shared range; confirm it is intended.
    # NOTE(review): on httpd 2.4 these directives come from mod_access_compat;
    # the native equivalent is a set of "Require ip" lines.
    <Proxy *>
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 192.168.0
    </Proxy>

    # nocanon passes the raw request path to the backend without
    # canonicalisation. The httpd documentation warns that this removes the
    # limited protection the proxy gives against URL-based attacks, so each
    # backend must validate paths itself.
    # NOTE(review): the allow-list above only guards requests that arrive
    # through this vhost; verify the backends listen on 127.0.0.1 only.

    # proxy for ebis
    ProxyPass /ebis http://127.0.0.1:8302/ebis nocanon
    ProxyPassReverse /ebis http://127.0.0.1:8302/ebis

    # proxy for fhir
    ProxyPass /fhir http://127.0.0.1:8303/fhir nocanon
    ProxyPassReverse /fhir http://127.0.0.1:8303/fhir

    # proxy for init
    ProxyPass /init http://127.0.0.1:8304/init nocanon
    ProxyPassReverse /init http://127.0.0.1:8304/init
</VirtualHost>

Restrict Proxy Location

# /etc/httpd/conf.d/httpd-proxy.conf
# /etc/httpd/conf.modules.d/00-proxy.conf

# Reverse proxy where only one mapping (/ebis) carries a client allow-list.
# No TLS directives appear in this vhost: it listens on port 80 only.
<VirtualHost *:80>
    # Forward the client's Host header to the backend.
    ProxyPreserveHost On
    # Forward (open) proxying stays disabled; only the mappings below are proxied.
    ProxyRequests Off
    # Requests whose path contains an encoded slash (%2F) are refused.
    AllowEncodedSlashes Off
    ServerName dev.chorke.org
    ServerAlias uat.chorke.org

    # /amqp and /mqtt have no access rule in this vhost, so any client that
    # can reach the vhost can reach these two backends.
    # NOTE(review): confirm that is intended and that no rule is expected to
    # be inherited from the main server configuration.
    # nocanon passes the raw request path to the backend; the httpd
    # documentation warns this weakens the proxy's protection against
    # URL-based attacks.

    # proxy for amqp
    ProxyPass /amqp http://127.0.0.1:8300/amqp nocanon
    ProxyPassReverse /amqp http://127.0.0.1:8300/amqp

    # proxy for mqtt
    ProxyPass /mqtt http://127.0.0.1:8301/mqtt nocanon
    ProxyPassReverse /mqtt http://127.0.0.1:8301/mqtt

    # proxy for ebis
    # The allow-list and the proxy mapping share one <Location>, so the rule
    # applies to exactly the URL path that is proxied. Inside <Location>,
    # ProxyPass takes no path argument; the path comes from the section.
    # NOTE(review): 100.43.0 matches 100.43.0.0/24, which is neither RFC 1918
    # private space nor the RFC 6598 shared range; confirm it is intended.
    # NOTE(review): on httpd 2.4 Order/Deny/Allow come from mod_access_compat;
    # the native equivalent is a set of "Require ip" lines.
    <Location /ebis>
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 192.168.0
        ProxyPass http://127.0.0.1:8302/ebis nocanon
        ProxyPassReverse http://127.0.0.1:8302/ebis
    </Location>
</VirtualHost>

Check and Restart

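# Validate the configuration and restart only if the syntax check passes;
# restarting with a broken file stops httpd and then fails to start it again.
apachectl -t && systemctl restart httpd
# (alternative) apachectl restart
# grant network connection to apache
# Under SELinux, httpd needs this boolean to open the outbound TCP connections
# that ProxyPass makes to the backends; -P keeps it set across reboots.
# NOTE(review): the boolean is not limited to the backend ports; it lets httpd
# and anything running inside it connect to any TCP destination. Check whether
# a narrower SELinux policy fits the deployment.
setsebool -P httpd_can_network_connect on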

References