0

we have 2 Urls pointing to same apache instance. One URL, for Admin and other for client's. When accessing admin URL, should allow /admin where as /admin should be denied while accessing through client URL. Could you help with sample apache rewrite rules.

https://example-admin.com/admin - Admins allowed to access admin url
https://example-client.com/admin - Client should not allowed to access admin url
https://example-client.com/client - Client allowed to access client site

UPDATE:

I tried this below to block admin context path for client URL. But this isn't working:

RewriteEngine on
RewriteCond %{REQUEST_URI} ^/auth/admin(/.*)? [NC]
RewriteRule ^ - [F]
MrWhite
  • 43,179
  • 8
  • 60
  • 84
Laxman Ganesh
  • 11
  • 1
  • Welcome to SO, please do add your tried .htaccess rules in your question as your efforts, thank you. – RavinderSingh13 Oct 19 '22 at 03:32
  • No, I didn't say about tags. Please do add your tried code/.htaccess rules which you tried in your question, thank you. – RavinderSingh13 Oct 19 '22 at 11:17
  • Haven't find solution yet. – Laxman Ganesh Oct 19 '22 at 11:21
  • Whatever you tried from Google OR from documentation please do add there is nothing right or wrong in terms of efforts, as we all are here to learn its highly encouraged for questioners to have efforts in question, thank you. – RavinderSingh13 Oct 19 '22 at 11:22
  • How to check the requested host name using a RewriteCond: https://stackoverflow.com/q/10232722/1427878 Denying access when the condition is met, can be done by the RewriteRule substitution being just `-`, and using the `F` flag to give a 403 Forbidden response. – CBroe Oct 20 '22 at 06:14
  • Thanks CBroe. I tried this below to block admin context path for client URL. But this isn't working RewriteEngine on RewriteCond %{REQUEST_URI} ^/auth/admin(/.*)? [NC] RewriteRule ^ - [F] – Laxman Ganesh Oct 21 '22 at 08:58

1 Answers1

0
RewriteCond %{REQUEST_URI} ^/auth/admin(/.*)? [NC]
RewriteRule ^ - [F]

Where did /auth come from? It's not in your example URLs. However, you need to check the requested hostname, since you only want to block paths that start /admin when accessed from the example-client.com host. In other words, you need to check the value of the Host HTTP request header, which is available in the HTTP_HOST server variable.

For example:

RewriteCond %{HTTP_HOST} ^(www\.)?example-client\.com [NC]
RewriteRule ^admin($|/) - [F]

And this needs to go near the top of your root .htaccess file.

You don't need a separate condition (RewriteCond directive) to check the requested URL-path, as this can be checked (more efficiently) in the RewriteRule directive itself.

MrWhite
  • 43,179
  • 8
  • 60
  • 84