Article
· Feb 7 2m read

Splitting access by WebServer port

Recently, I needed to run WebGateway on an additional port but with a twist - this port should publish only one web application.
At first, I thought about configuring Web Gateway to allow only specific web applications (~urls), but Web Gateway configuration is per Apache configuration:

LoadModule csp_module_sa "/opt/webgateway/bin/CSPa24.so"
CSPModulePath "/opt/webgateway/bin/"
CSPConfigPath "/opt/webgateway/bin/"

And while LoadModule has two allowed contexts, server config and virtual host, the csp module must be loaded once in the server context.

But we can use two VirtualHosts and here's how:

CSPModulePath /iris/csp/bin/
CSPConfigPath /iris/csp/bin/
LoadModule csp_module_sa /iris/csp/bin/CSPa24.so

Listen 443
Listen 10443
<VirtualHost *:443>
  <Location />
    CSP On
  </Location>
</VirtualHost>

<VirtualHost *:10443>
  <Location /myapp/>
    CSP On
  </Location>
</VirtualHost>
 
Full httpd.conf

Virtual Hosts use the same WebGateway and the same CSP Config, but only /myapp/ urls are available on port 10443. Anything else gets 404 from Apache.

Discussion (1)2
Log in or sign up to continue