I have two servers A) frontend server (ip 11.22.33.44), B) backend server (ip 22.33.44.55). Both use Debian Linux and Apache server.
A) frontend server uses reverse proxy to show content of B) backend server. I would like to restrict Apache access of backend server to ip 11.22.33.44 (should be accessible only from A) frontend server). Backend server listens on SSL enabled ports 1111 and 2222 (to serve two different reverse proxied sites).
I tried on backend server:
<Proxy "*">
Require ip 11.22.33.44
</Proxy>
and
<Proxy "*">
order deny,allow
Deny from from all
Allow from 11.22.33.44
</Proxy>
but I had no success. Still accessible by me from a web browser with URL https://22.33.44.55:1111.
Any other idea to restrict access of backend server to ip address of frontend server?
So the backend server is the target of the proxy, so the
Proxy
directive is not relevant there.To restrict access to the backend, something like this in the virtualhost of your backend conf file would limit access to only the front-end server making proxied requests...
You can add more granular controls with other directives from the manual:
https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require