I store a single cookie in a file and want to retrict access to users who have that specific cookie set (with a specified name) and redirect others (from any page in the site) to my site's root. Since, my site uses a node backend to authenticate users (i.e., to verify a password) I also want to exempt it's proxypass page ("/authenticate") and any "sub-pages" proceeding it.
A problem I've had with these sort of "whitelists" is that they generally don't encompass the whole site (including subdomains) and don't work for directories which are being indexed.
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/site.com.pem
SSLCertificateKeyFile /etc/apache2/ssl/site.com.key
</VirtualHost>
<VirtualHost *:443>
ServerName site.com
DocumentRoot /var/www/site.com/html
<Directory /var/www/site.com/html/files>
Options +Indexes
AllowOverride All
</Directory>
ProxyRequests Off
ProxyPass /authorise http://localhost:3001
ProxyPassReverse /authorise http://localhost:3001
</VirtualHost>
<VirtualHost *:443>
ServerName movie.site.com
ProxyRequests Off
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
<VirtualHost *:443>
ServerName mail.site.com
DocumentRoot /var/www/site.com/roundcube
ErrorLog ${APACHE_LOG_DIR}/roundcube-error.log
CustomLog ${APACHE_LOG_DIR}/roundcube-access.log combined
<Directory /var/www/roundcube>
Options -Indexes
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Edit:
Just to clarify, I know I can do something like the following to achieve what I'm after (to some extent):
RewriteEngine on
RewriteCond %{HTTP_COOKIE} !MYCOOKIE
RewriteRule ^/myhome/content/ - [F]
But how do I ensure this has an effect on every VirtualHost (i.e., on every subdomain) and also read the single cookie from the file so that I am able to alter it without having to restart apache.
Thank you!
