
I've been trying to aggregate a number of back-end application servers and provide a single (well, resilient pair) web server as a front end, using Apache Reverse Proxy and specifically ProxyPass and ProxyPassReverse directives. I also wanted to lock down access to the various different reverse proxied applications using IP addresses. You can do this using the <Proxy *|URL> directive, with the subtle requirement that the URL must match the proxied URL, not the requested one.
Example:
A user requests https://my.server.example.com/someapp/foo and without even realising it, gets data and interacts with the application hosted on the backend server, http://app1.example.local/foo. Furthermore, access should only be granted to this application from the IP address 4.3.2.1. Note that app1.example.local is not routable from the internet, but has a connection to my.server.example.com.
Break out the appropriate SSL vhost configuration file in your Apache front-end server (running on my.server.example.com) and configure something like this:
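# Access rules are keyed on the backend (proxied) URL, not the requested one.
<Proxy "http://app1.example.local/*">
    Order Deny,Allow
    Deny from All
    Allow from 4.3.2.1
</Proxy>

# ProxyPass cannot be used inside <Directory>; <Location> maps the public path.
<Location "/someapp/">
    ProxyPass http://app1.example.local/
    ProxyPassReverse http://app1.example.local/
</Location>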
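As an added example (not part of the original post), the Python check below scans a vhost fragment for the pitfall described above: a <Proxy> block keyed on the requested URL instead of the proxied one, which leaves the backend without the intended IP restriction. The second application (/otherapp/, app2.example.local) is a hypothetical name, the sample configuration is constructed, and the matching only approximates Apache's behaviour using Python's fnmatch.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the second <Proxy> block is keyed on the requested
# (public) URL, so it never applies to the request proxied to app2.
SAMPLE = '''
<Proxy "http://app1.example.local/*">
    Order Deny,Allow
    Deny from All
    Allow from 4.3.2.1
</Proxy>
<Proxy "https://my.server.example.com/otherapp/*">
    Order Deny,Allow
    Deny from All
    Allow from 4.3.2.1
</Proxy>
<Location "/someapp/">
    ProxyPass http://app1.example.local/
</Location>
<Location "/otherapp/">
    ProxyPass http://app2.example.local/
</Location>
'''

PROXY_RE = re.compile(r'^\s*<Proxy\s+"?([^">\s]+)"?\s*>', re.I | re.M)
# Backend URL on a ProxyPass line, with or without a leading local path.
PASS_RE = re.compile(
    r'^[ \t]*ProxyPass[ \t]+(?:\S+[ \t]+)?"?(\w+://[^"\s]+)', re.I | re.M)

def covers(pattern, url):
    """Approximation of <Proxy> matching: shell-style wildcards if the
    pattern has any, otherwise a prefix match on the proxied URL."""
    if any(c in pattern for c in "*?["):
        return fnmatchcase(url, pattern)
    return url.startswith(pattern)

def audit(conf):
    """Return (backends no <Proxy> block covers, <Proxy> blocks matching no backend)."""
    patterns = PROXY_RE.findall(conf)
    backends = PASS_RE.findall(conf)
    uncovered = [b for b in backends if not any(covers(p, b) for p in patterns)]
    dead = [p for p in patterns if not any(covers(p, b) for b in backends)]
    return uncovered, dead

if __name__ == "__main__":
    uncovered, dead = audit(SAMPLE)
    print("backends with no matching <Proxy> block:", uncovered)
    print("<Proxy> blocks that match no backend:", dead)
```

A backend reported as uncovered may still be restricted by rules placed elsewhere (for example inside the <Location> block), so treat the output as a prompt to review rather than a verdict.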
