I have this question, and not sure if this is the right place. If not, I do appreciate someone pointing me to the right place.
We have a situation that we would like to restrict the access to certain folders only to requests from the "local machine". Here is why: When a page is processed by our filter, the filter (based on page logic) may request pages (just like a regular web page request) that should never go to the browser. We put these pages in a folder. And would like to use apache config to restrict the access to only the "local machine". Here is the config <LocationMatch "/secrete-stuff/"> Order Deny,Allow Deny from all Allow from 127.0.0.1 #Allow from localhost </LocationMatch> The issue we face: When our filter issues the request, we use the hostname from the original request. eg, original request http://1.2.3.4/index.html our filter might issue http://1.2.3.4/something/secrete-stuff/server.js In order to make the above directive work, we will have to put the ip (1.2.3.4) in the Allow section. However, we are planning to deply many servers, it would be very hard for us to edit each config file. So we are wondering if there are anyway we can achieve the same result without make ip-specific changes. Thanks in advanvce for your help. John