Allow specific IP addresses to access web application, redirect all other traffic to DocumentRoot

Problem

I needed to redirect all traffic to the root of a site we were retiring - the site itself ran a tomcat app behind an apache reverse-proxy.  I created a simple index.html page to redirect all traffic to.  The problem is that we needed to allow several users (identified by ip address) to continue to access the site temporarily while redirecting all other traffic to the index.html page with information about retiring the site.  

For the example below, we'll use a Ubuntu server setup with OpenProject running on port 6000.

Solution

We're going to use apache's RewriteCond and RewriteRule to:

1. proxy certain IP addresses to the application's port;
2. redirect all traffic from other IP addresses to the DocumentRoot (where my index.html file is).

Modifying your apache .conf vhost file

You'll need to modify your reverse-proxy vhost .conf file.  For me, I created a new .conf file using nano:

sudo nano /etc/apache2/sites-available/openproject-retired.conf

Below is the contents of my .conf file:

<VirtualHost *:443>
    ServerName openproject.example.com
    DocumentRoot /var/www/openProjectRetired

    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On

    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy 127.0.0.1

    # allow these ip addresses to access openproject (use [OR] to add more)
    RewriteEngine On
    RewriteCond %{REMOTE_ADDR} <IP-ADDRESS-1> [OR]
    RewriteCond %{REMOTE_ADDR} <IP-ADDRESS-2>
    RewriteRule ^/(.*) http://127.0.0.1:6000/$1 [P,L]

    # send remaining to index.html (DocumentRoot)
    RewriteCond %{REQUEST_URI} !^/$
    RewriteRule ^/(.*)$ / [R=302,L]

    # apparently whether using ProxyPass or RewriteRule need to define ProxyPassReverse
    ProxyPassReverse / http://127.0.0.1:6000/

    # Your SSL certificate information for this sub-domain can go here.
    # If you use certbot-auto, it will automatically add it here if you use the --apache flag.
</VirtualHost>

<VirtualHost *:80>
    ServerName openproject.example.com
    Redirect Permanent / https://openproject.example.com/
</VirtualHost>

Note¹: /var/www/openProjectRetired is folder holding my index.html file;

Note²: replace <IP-ADDRESS-1> and <IP-ADDRESS-2> with the IP address(es) you want to give access to the application to (you can add more using the [OR] flag);

Note³: see here for setting up a SSL certificate using the awesome Certbot-Auto.

References

1. http://httpd.apache.org/docs/current/mod/mod_rewrite.html

Related articles

• Page:
  Use a swap file and enable hibernation on Arch Linux - including on a LUKS root partition
• Page:
  Super simple approach to accessing Spring beans from non-Spring managed classes and POJOs
• Page:
  Create and enable swap file on Linux
• Page:
  Continuous connection to Cisco AnyConnect VPN with linux Openconnect
• Page:
  Setting custom frequency for Apache logs rotation