
I have an Apache2 Server configured as Reverse Proxy on my perimeter network.

There are a lot of VirtualHosts configured with the ProxyPass directive.

For a specific one, I want to restrict access to a specific IP address.

This is an example:

<VirtualHost 192.168.0.1:80>
    ServerAdmin email@domain.com
    ServerName sub.domain.com
    ServerAlias sub.domain.com
    ProxyPass / http://internal.domain.com:80/
    ProxyPassReverse / http://internal.domain.com:80/
    CustomLog /var/log/apache2/my_log combined
    HostnameLookups Off
    ProxyPreserveHost On
    UseCanonicalName Off
    ServerSignature On
    ProxyRequests Off
</VirtualHost>

I have tried to add this:

<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 192.168.0.100
</Proxy>

but it doesn't work because the Reverse Proxy does not preserve the remote IP address.

Is there a way to use IP ACL with Apache configured as Reverse Proxy?

Thanks

magnum

1 Answer


You can do it using: Reverse Proxy Request Headers (X-Forwarded-For)

Tutorial: Apache 2.4 as reverse proxy - LeaseWeb labs - covers second bullet point.

for mod_proxy:

LogFormat "%v %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
alexus
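An added example, not part of the original question or answer: an IP ACL on the question's virtual host that uses X-Forwarded-For only when the header was set by a known upstream device. It assumes Apache 2.4 with mod_remoteip loaded; the upstream address 192.168.0.254 and the log nickname acl_audit are placeholders, not values from the page.

```apache
<VirtualHost 192.168.0.1:80>
    ServerName sub.domain.com
    ProxyRequests Off
    ProxyPreserveHost On

    # Weak variant (left commented out): matching the raw header lets any
    # client that can reach this server pass the ACL by sending the header itself.
    #   SetEnvIf X-Forwarded-For "^192\.168\.0\.100$" acl_ok
    #   <Location "/">
    #       Require env acl_ok
    #   </Location>

    # Hardened variant: mod_remoteip replaces the client address with the
    # X-Forwarded-For value only when the TCP peer is the listed upstream.
    # 192.168.0.254 is a placeholder for the device in front of this server.
    # RemoteIPInternalProxy (rather than RemoteIPTrustedProxy) is used because
    # the allowed client address is in a private range.
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 192.168.0.254

    # Require ip is evaluated against the address mod_remoteip resolved.
    <Location "/">
        Require ip 192.168.0.100
    </Location>

    # %a is the resolved client address, %{c}a the actual TCP peer, so a
    # mismatch between the two is visible when reviewing the log.
    LogFormat "%a %{c}a %l %u %t \"%r\" %>s %b" acl_audit
    CustomLog /var/log/apache2/my_log acl_audit

    ProxyPass / http://internal.domain.com:80/
    ProxyPassReverse / http://internal.domain.com:80/
</VirtualHost>
```

Requests that arrive from any peer other than the listed upstream are evaluated on their real connection address, so a forged X-Forwarded-For header from elsewhere does not change the ACL decision.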