I have a webapp hidden behind Apache 2.4 which is set as a proxy
My configuration goes like this:
<Location /myapp>
Proxypass ajp://localhost:8009/myapp
Require all granted
</Location>
Recently, I was asked to prevent anyone but whitelisted IPs to access to myapp API which is accessible through /myapp/api/
I am failing to achieve proper configuration within Apache to make it so
Here is what I've tried so far :
<Location /myapp/api>
Proxypass ajp://localhost:8009/myapp/api
Require local
Require 1.2.3.4
</Location>
<Location /myapp>
Proxypass ajp://localhost:8009/myapp
Require all granted
</Location>
So what I need is for http://mysite/myapp/ to be accessible to anyone, but to restrict calls to http://mysite/myapp/api/* to a bunch of whitelised IP
Do you know how I may be able to achieve this?
Best Regards
Because of Overlapping Webspace, you should reverse the order of Location directives
<Location /myapp>
Proxypass ajp://localhost:8009/myapp
Require all granted
</Location>
<Location /myapp/api>
Proxypass ajp://localhost:8009/myapp/api
Require local
Require 1.2.3.4
</Location>