Thanks Andrew, I did see this as an example on a web post. ...the argument was made that it's a PIA when you don't match class C subnets and have to use RegEx :-)
...I don't have class C inside, I boiled it down to Class C for the post example. Thanks! -----Original Message----- From: Andrew Schulman [mailto:and...@alumni.utexas.net] Sent: Friday, November 19, 2010 2:18 PM To: users@httpd.apache.org Subject: [us...@httpd] Re: MOD_PROXY and Access Control by IP > I've been able to secure each proxy with this model: > <Proxy http://*/App1/*> > Order Deny,Allow > #Permit IT > Allow from 10.1.0.0/24 > #Permit Team1 > Allow from 10.1.1.0/24 > Deny from all > </Proxy> > > Is there a way we can define access once for the IT Subnet (10.1.0.0/24) once > instead of per App? One way would be SetEnvIf Remote_Host ^10\.1\.0\. allow_IT <Proxy http://*/App1/*> Order Deny,Allow #Permit IT Allow from env=allow_IT #Permit Team1 Allow from 10.1.1.0/24 Deny from all </Proxy> With this method you still have to include an Allow from env=allow_IT inside every <Proxy> stanza, but at least you only have to specify their IP address in one place. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org CONFIDENTIALITY NOTICE This e-mail message from Delphi Technology, Inc. is intended only for the individual or entity to which it is addressed. This e-mail may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you received this e-mail by accident, please notify the sender immediately and destroy this e-mail and all copies of it. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
