I have this question, and not sure if this is the
right place.  If not, I do appreciate someone pointing
me to the right place.

We have a situation that we would like to restrict the
access to certain folders only to requests from the
"local machine".  Here is why:
When a page is processed by our filter, the filter
(based on page logic) may request pages (just like a
regular web page request) that should never go to the
browser.  We put these pages in a folder.  And would
like to use apache config to restrict the access to
only the "local machine".  Here is the config
<LocationMatch "/secrete-stuff/">
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    #Allow from localhost
</LocationMatch>

The issue we face:
    When our filter issues the request, we use the
hostname from the original request. eg, original
request
http://1.2.3.4/index.html
our filter might issue
http://1.2.3.4/something/secrete-stuff/server.js

In order to make the above directive work, we will
have to put the ip (1.2.3.4) in the Allow section. 
However, we are planning to deply many servers, it
would be very hard for us to edit each config file. 
So we are wondering if there are anyway we can achieve
the same result without make ip-specific changes.

Thanks in advanvce for your help.
John

Reply via email to