We have an Apache server, on a Windows Server 2008 machine, that is used for specific secure traffic for our customers, like a gateway.
Now, I only want to allow traffic for a certain range of secure URLs, defined by a wildcard uri: ****secure.mysite.com****, and deny all other http or https request to Apache
How do you set that up in the Apache httpd conf file?
Thank you
Best Answer
You can allow access via an environment variable that is only set via request URI patterns you want to match with SetEnvIf.
In your host, or virtualhost configure the following with the URI's you want to allow:
If you are serving the requests from Apache:
Or if proxying via mod_proxy, you probably want to combine the URI match with with some IP restrictions so you don't have an open proxy.
In this case, if the IP is not in the
10.0.0.0/8
range deny,Order
being important