1

Suppose I want the following clients to access only specific internet servers from behind a apache2 forward proxy:

Client-1-IP: www.google.com
Client-2-IP: www.gmail.com
Client-3-IP: www.cnn.com
Client-4-IP: www.chess.com

Is this possible? I am running Apache 2.4.10 on Debian 8. Currently, I am allowing specific clients to access the entire internet via this configuration values, but want to be able to specify that a specific client can access only a specific internet server:

<VirtualHost *:8080>
        ProxyRequests On
        Proxyvia On
        <Proxy "*">
                Order deny,allow
                Deny from all
                Allow from <ip-1>
                Allow from <ip-2>
                Allow from <ip-3>
        </Proxy>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Thanks.

Mohan
  • 33
  • 8

1 Answers1

0

just FYI this has been elaborated on here, among other threads. In my case I wanted to configure an Apache 2.4 server to act as a forward proxy for a Maven on another machine without access to the Internet. Note that the restriction syntax has changed in Apache 2.4, so Allow/Deny/Order keywords should be replaced by Require clause as explained here. For example, let's suppose we want our proxy to listen on myhost.com:7775 and allow access only for 192.168.1.1 and to forward only to *.maven.org or *.apache.org. Then we would need the following in vhosts configuration (i suppose there may be an easier way to combine multiple allowed remote hosts):

<VirtualHost myhost.com:7775>
    ProxyRequests On
    ProxyVia On

    # block all domains except our target
    <ProxyMatch ^((?!maven\.org).)*$>
        Require all denied
    </ProxyMatch> 

    <ProxyMatch ^((?!apache\.org).)*$>
        Require all denied
    </ProxyMatch> 

    # only allow our IP for a specific target
    <ProxyMatch maven\.org >
        Require ip 192.168.1.1
    </ProxyMatch>  

    <ProxyMatch apache\.org >
        Require ip 192.168.1.1
    </ProxyMatch>  

</VirtualHost>
hello_earth
  • 1,442
  • 1
  • 25
  • 39