Eric Covener wrote:
On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
<li...@alvisenicoletti.com> wrote:
I would like to restrict access to everything-but-mywebsite like the
example:
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from www.TOMCATWEBSITE.com
</Proxy>
ProxyVia On
</IfModule>
That restricts access "from" an [client] address, not access "to" a
backend [webserver] address.
If you're running a reverse proxy only (ProxyRequests off), and you've
told it to connect to a specific backend via ProxyPass, I don't see
why you need furtherer configuration to restrict anything.
mhh ...
the point is that the original configuration in my webserver was:
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
</Proxy>
ProxyVia On
</IfModule>
And everthing was working, BUT, I had to remove everything to make the
tomcat6-apache2 bridge work.
Also, in the header of that file I found written:
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
So I guess this is not good:
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
</Proxy>
ProxyVia On
</IfModule>
Or is it ok?
