Restricting Access to Fusion Registry via Apache HTTP Server

If you wish to prevent access to certain aspects of the Fusion Registry, this can be achieved by the use of Apache HTTP Server. A typical scenario might be where only users within an organisation are permitted to access the Registry front-end.

By way of illustration as to how this can be achieved, the configuration file (for Apache HTTP Server 2.4) shown lower down this page, will perform the following:

  • Permit users from IP address '1.2.3.4' to access all parts of the Fusion Registry.
  • Permit all users to access to the Fusion Registry Web Service ‘ws/rest’ via the URL: http:// < servername >/RegistryPublic
  • All other parts of the website are restricted and will not allow access for anyone

The configuration file:

<VirtualHost *:80>
  ServerName myserverName
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/html
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  <Location />
    Order deny,allow
    Deny from all
  </Location>
  <Directory />
    Order deny,allow
    Deny from all
  </Directory> 
  <Location /FusionRegistry>
    Order deny,allow
    Deny from all
    Allow from 1.2.3.4
    Allow from 127.0.0.1
    ProxyPass http://localhost:8080/FusionRegistry
    ProxyPassReverse http://localhost:8080/FusionRegistry
  </Location>
  <Location /RegistryPublic>
    Order deny,allow
    Allow from all
    ProxyPass http://localhost:8080/FusionRegistry/ws/rest
    ProxyPassReverse http://localhost:8080/FusionRegistry/ws/rest
  </Location>
</VirtualHost>

Some notes:

  • This assumes the Web Server is running on port 80 and Apache Tomcat is running on port 8080 with the Registry deployed to 'FusionRegistry'
  • The IP address 127.0.0.1 must be listed as permitted since the Fusion Registry needs to "communicate with itself" as part of its settings configuration.