How to configure Apache to use HTTPS for external access but HTTP for internal access

apache-2.2 mod-proxy mod-ssl

I have two servers, one a development server that is accessible internally on our company's local network and the other a public-facing web server. The development server hosts several tools that we use to manage our projects internally but now we need to access them externally too whilst maintaining security.

I have set up mod_proxy on the external server using the ProxyPass and ProxyPassReverse directives to map external requests to the internal server. I have also set up authentication on these external virtual hosts to provide security for outside access. I also need to use SSL for external access but would ideally prefer to keep the internal tools accessible by plain HTTP for people within the intranet.

Is it possible to achieve this behaviour and, if so, what directives and Apache modules should I be using, and on which servers do they need to be set up?

Best Answer

I'm going to make the assumption that you do accept HTTP connections for the public, but you do a standard HTTP redirect to force them to HTTPS.

If this is the case, then you can alter your HTTP directives to not redirect if you are part of the internal network.

To do this, you want to use Apache's mod_rewrite and filter on REMOTE_ADDR. Essentially, you want to redirect everything that does not match your network.

The other option, and probably the safer one, is to just have your internal users use a different service address than the public one. Have them connect to myservice.mydomain.local instead of myservice.mydomain.com.
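
A sketch of the mod_rewrite approach described in the answer above, added here as an example and not part of the original answer. The internal range `10.0.0.0/8` and the backend name `dev.mydomain.local` are placeholder assumptions; the rules go in the port-80 virtual host of the public-facing server.

```apache
# Added example, not from the original answer.
# Assumed placeholders: internal clients come from 10.0.0.0/8 and the
# internal development server is reachable as dev.mydomain.local.
<VirtualHost *:80>
    ServerName myservice.mydomain.com

    RewriteEngine On

    # Redirect to HTTPS unless the TCP peer address is in the internal range.
    # The target host is fixed rather than taken from the Host header, so a
    # forged Host value cannot steer the redirect elsewhere.
    RewriteCond %{REMOTE_ADDR} !^10\.
    RewriteRule ^ https://myservice.mydomain.com%{REQUEST_URI} [R=301,L]

    # Requests from internal addresses are not redirected and are proxied
    # to the development server over plain HTTP.
    ProxyPass        / http://dev.mydomain.local/
    ProxyPassReverse / http://dev.mydomain.local/
</VirtualHost>
```

`REMOTE_ADDR` is the address of the TCP peer as Apache sees it, so if a NAT device or load balancer sits in front of this server every client will appear to come from that one address. Check which addresses actually show up in the access log before relying on the exemption.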