0

I'm using Apache 2.4 as a reverse proxy for Jenkins (a web service running locally on port 8080). I'm trying to limit access to this service to an internal network using Require. My VirtualHost:

<VirtualHost *:443> ServerName jenkins.domain.com ServerAdmin ... SSLEngine on ... <Location /> <RequireAny> Require ip 127.0.0.1 Require ip ::1 Require ip 10.8.0 </RequireAny> </Location> ProxyRequests Off ProxyPreserveHost On AllowEncodedSlashes NoDecode ProxyPass / http://localhost:8080/ nocanon ProxyPassReverse / http://localhost:8080/ ProxyPassReverse / http://jenkins.domain.com/ RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" </VirtualHost>

Somehow this makes the service unavailable to everyone, including clients with trusted IPs like 10.8.0.1. What am I doing wrong?

Improve this question

1 Answer 1

Reset to default
1

I also used Apache to do reverse proxy with ProxyPass and didn't encounter the need to declare the <Proxy> directives to limit access since <Location> was sufficient.

Can you try commenting out the following part:

<Proxy *> Require all granted </Proxy>

Improve this answer
3
  • I'm still getting a 403 (You don't have permission to access / on this server). You're right though, looks like <Proxy> is not required here. Will remove it from the config in my question. Commented Jul 29, 2017 at 15:23
  • In the config that I use, the <Location> directive was declared after the ProxyPass and ProxyPassReverse. You might want to try that too. Commented Jul 29, 2017 at 15:30
  • Nevermind, the updated config in my answer (without <Proxy>) works! My VPN configuration is now the problem here. Thanks. Commented Jul 29, 2017 at 15:33

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.