Question:

Restrict http proxy access without restricting socket access

Kinsley: 02 February 2022

Let's say I have enabled mod_proxy , mod_proxy_fcgi and mod_proxy_http in my Apache 2.4 server. I use mod_proxy_fcgi to access my PHP-FPM service (socket not tcp). I know I can restrict access to my proxy by using <Proxy> (https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#access) directive. My Problem is that I want to restrict access based on Proxy itself not proxied content. For example, this:

<Proxy "*">
  Require ip 192.168.0
</Proxy>

will restrict access to my PHP-FPM and users will see 403 Access denied.

Answer:
Victoria: 02 February 2022

Can you explain what you mean by "I want to restrict access based on Proxy itself not proxied content"?

Note, in general, <Proxy> blocks are for configuring forward proxies, not reverse, which is what you have. In your case you can just use a Location block

<Location "/">
  Require ip 192.168.0
</Location>