Apache/Restrict
Restrict Directory Alias
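# /etc/httpd/conf.d/vhostalias.conf
# Public alias: /docs is served to every client.
# Written for httpd 2.4 (mod_authz_core). The older "Order"/"Allow from"
# directives are 2.2 syntax and only work on 2.4 through mod_access_compat.
Alias /docs "/var/www/docs/"
<Directory "/var/www/docs">
    # Indexes publishes an auto-generated listing of every file in the tree and
    # FollowSymLinks serves symlink targets even when they point outside it.
    # Keep each option only if that behaviour is intended for a public path.
    Options Indexes MultiViews FollowSymLinks
    # .htaccess files are ignored, so the access rules live only in this file.
    AllowOverride None
    Require all granted
</Directory>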
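# Restricted alias: /soft is served only to the client addresses listed below.
# Written for httpd 2.4 (mod_authz_core); replaces the 2.2-style
# "Order Deny,Allow / Deny from all / Allow from ..." block.
Alias /soft "/var/www/soft/"
<Directory "/var/www/soft">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    # Several Require lines outside a container are OR-ed (RequireAny):
    # a client matching any one of them is admitted, all others are refused.
    # The address tested is the TCP peer. If another proxy or load balancer
    # fronts this server, every request appears to come from that device
    # unless mod_remoteip is configured.
    Require ip ::1
    Require ip 127.0.0.1
    # NOTE(review): "100.43.0" is a prefix match for 100.43.0.0/24, which lies
    # outside the RFC 1918 private ranges. Confirm it is a network you control.
    Require ip 100.43.0
    Require ip 192.168.0
</Directory>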
Restrict Reverse Proxy
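# /etc/httpd/conf.d/httpd-proxy.conf
# /etc/httpd/conf.modules.d/00-proxy.conf
# Reverse proxy for three local backends. Every proxied path in this virtual
# host is limited to the client addresses listed in the <Proxy *> section.
# Written for httpd 2.4 (mod_authz_core) instead of 2.2 "Order"/"Allow from".
<VirtualHost *:80>
    # NOTE(review): this listener is plain HTTP, so the source-address rules
    # below are the only control and traffic is unencrypted in transit.
    # The backend receives the Host header sent by the client.
    ProxyPreserveHost On
    # Off keeps this a reverse proxy only; the server never forwards
    # arbitrary client-chosen URLs.
    ProxyRequests Off
    # Requests whose path contains an encoded slash (%2F) are refused.
    AllowEncodedSlashes Off
    ServerName dev.chorke.org
    ServerAlias uat.chorke.org

    # Applies to all proxied content in this virtual host. Several Require
    # lines are OR-ed; a client matching none of them is refused.
    # The address tested is the TCP peer, so a front-end proxy or load
    # balancer hides the real client unless mod_remoteip is configured.
    <Proxy *>
        Require ip ::1
        Require ip 127.0.0.1
        # NOTE(review): "100.43.0" matches 100.43.0.0/24, which is outside
        # the RFC 1918 private ranges. Confirm it is a network you control.
        Require ip 100.43.0
        Require ip 192.168.0
    </Proxy>

    # "nocanon" hands the raw, un-canonicalised request path to the backend.
    # The httpd documentation warns that this removes the proxy's normal
    # protection against URL-based attacks on the backend, so drop the keyword
    # unless the backend really needs the original encoding.

    # proxy for ebis
    ProxyPass        /ebis http://127.0.0.1:8302/ebis nocanon
    ProxyPassReverse /ebis http://127.0.0.1:8302/ebis

    # proxy for fhir
    ProxyPass        /fhir http://127.0.0.1:8303/fhir nocanon
    ProxyPassReverse /fhir http://127.0.0.1:8303/fhir

    # proxy for init
    ProxyPass        /init http://127.0.0.1:8304/init nocanon
    ProxyPassReverse /init http://127.0.0.1:8304/init
</VirtualHost>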
Restrict Proxy Location
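# /etc/httpd/conf.d/httpd-proxy.conf
# /etc/httpd/conf.modules.d/00-proxy.conf
# Reverse proxy where only one path (/ebis) is address-restricted.
# /amqp and /mqtt carry no access rule and are reachable by every client.
# Written for httpd 2.4 (mod_authz_core) instead of 2.2 "Order"/"Allow from".
<VirtualHost *:80>
    # NOTE(review): this listener is plain HTTP, so the source-address rule on
    # /ebis is its only control and traffic is unencrypted in transit.
    # The backend receives the Host header sent by the client.
    ProxyPreserveHost On
    # Off keeps this a reverse proxy only; the server never forwards
    # arbitrary client-chosen URLs.
    ProxyRequests Off
    # Requests whose path contains an encoded slash (%2F) are refused.
    AllowEncodedSlashes Off
    ServerName dev.chorke.org
    ServerAlias uat.chorke.org

    # "nocanon" hands the raw, un-canonicalised request path to the backend.
    # The httpd documentation warns that this removes the proxy's normal
    # protection against URL-based attacks on the backend. This matters most
    # on /ebis, where the access rule is evaluated by httpd but the backend
    # parses the raw path itself. Drop the keyword unless it is required.

    # proxy for amqp (unrestricted)
    ProxyPass        /amqp http://127.0.0.1:8300/amqp nocanon
    ProxyPassReverse /amqp http://127.0.0.1:8300/amqp

    # proxy for mqtt (unrestricted)
    ProxyPass        /mqtt http://127.0.0.1:8301/mqtt nocanon
    ProxyPassReverse /mqtt http://127.0.0.1:8301/mqtt

    # proxy for ebis (restricted to the listed client addresses)
    <Location /ebis>
        # Several Require lines are OR-ed; a client matching none is refused.
        # The address tested is the TCP peer, so a front-end proxy or load
        # balancer hides the real client unless mod_remoteip is configured.
        Require ip ::1
        Require ip 127.0.0.1
        # NOTE(review): "100.43.0" matches 100.43.0.0/24, which is outside
        # the RFC 1918 private ranges. Confirm it is a network you control.
        Require ip 100.43.0
        Require ip 192.168.0
        # Inside <Location> the local path is implied by the container.
        ProxyPass        http://127.0.0.1:8302/ebis nocanon
        ProxyPassReverse http://127.0.0.1:8302/ebis
    </Location>
</VirtualHost>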
Check and Restart
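# Validate the configuration, and restart only if the syntax check passes.
# A typo in an access rule then cannot stop the server from coming back up.
# (The page had these commands collapsed onto one line behind a '#',
# which turned the restart into a comment.)
apachectl -t && systemctl restart httpd
# alternative: apachectl restart

# grant network connection to apache
# Presumably needed on SELinux-enforcing hosts so httpd can reach the proxied
# backends. The boolean is broad: it allows httpd to open outbound TCP
# connections to any port, not only the local backend ports used above,
# and -P makes the change persist across reboots.
setsebool -P httpd_can_network_connect on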