Apache 2.4 Proxy for External, Redirect for Internal
I am attempting to set up a reverse proxy to allow only a few select IP ranges to proxy to an internal host, while I would like anyone else not within the IP ranges to redirect to our internal named host. In this setup, the webservice will work while anyone who is not VPN'd into our network will not be capable of navigating to the internal resource. I have been attempting to get this to work without luck; my partial config is currently as follows:
    ProxyRequests Off
    <Proxy *>
        Allow from all
    </Proxy>
    <Location />
        Allow From xxx.xxx.xxx.xxx/24 1xxx.xxx.xxx.xxx/23
        Deny From All
        ProxyPass http://server.local.corp:8000/
        ProxyPassReverse http://server.local.corp:8000/
    </Location>
This config appears to work well for blocking other IP ranges from being able to proxy; however, I am unclear how I can add a redirect statement for anyone else.
Edit: Taking advice from the first answer, my code now looks like:
    <If "%{REMOTE_ADDR} -ipmatch 'xxx.xxx.xxx.xxx/24'">
        ProxyPass / http://server.local.corp:8000/
        ProxyPassReverse / http://server.local.corp:8000/
    </If>
And Apache throws the following error on restart:

    ProxyPass cannot occur within <If> section
    Action 'configtest' failed.
    The Apache error log may have more information.
The following should work if you are allowed to use subdomains; only "should", since I can't test it at the moment ...
However, the logic should work.
Use the <If> to redirect XTERNs to a subdomain, e.g. xtern.example.com, and resolve the things with virtual hosts!
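    <VirtualHost *:80>
        ServerName example.com
        # Clients outside the allowed range are sent to the xtern subdomain.
        # Negation wraps the whole comparison; "!-ipmatch" is not valid expression syntax.
        <If "!(%{REMOTE_ADDR} -ipmatch 'xxx.xxx.xxx.xxx/24')">
            # Trailing slash on the target so the remaining path is appended correctly
            Redirect "/" "http://xtern.example.com/"
        </If>
        # In virtual-host context ProxyPass takes the local path as its first argument
        ProxyPass / http://server.local.corp:8000/
        ProxyPassReverse / http://server.local.corp:8000/
    </VirtualHost>
    <VirtualHost *:80>
        ServerName xtern.example.com
        ProxyPass / http://server.xtern.corp:8000/
        ProxyPassReverse / http://server.xtern.corp:8000/
    </VirtualHost>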
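A single-vhost alternative that avoids the "ProxyPass cannot occur within <If> section" error by making the per-client decision in mod_rewrite, which can both redirect and proxy. This is an added example, not part of the original question or answer; it assumes mod_rewrite, mod_proxy and mod_proxy_http are loaded, and the CIDR ranges are constructed placeholders standing in for the redacted ones.

```apache
<VirtualHost *:80>
    ServerName example.com

    # Reverse proxy only: never act as a forward proxy
    ProxyRequests Off

    RewriteEngine On

    # 1) Any client NOT in the allowed ranges is redirected to the
    #    internal hostname, which only resolves/routes from inside (VPN).
    #    The ranges below are placeholders (constructed for this example).
    RewriteCond expr "!(%{REMOTE_ADDR} -ipmatch '192.0.2.0/24') && !(%{REMOTE_ADDR} -ipmatch '198.51.100.0/24')"
    RewriteRule ^ http://server.local.corp:8000%{REQUEST_URI} [R=302,L]

    # 2) Everything that reaches this rule came from an allowed range,
    #    so hand it to mod_proxy. The pattern is anchored at "^/" and the
    #    target has a "/" right after host:port, so the captured path
    #    cannot alter the backend host or port.
    RewriteRule ^/(.*)$ http://server.local.corp:8000/$1 [P,L]

    # Rewrite Location headers from the backend, as with ProxyPass
    ProxyPassReverse / http://server.local.corp:8000/
</VirtualHost>
```

REMOTE_ADDR is the peer address Apache sees, so if a load balancer or another proxy sits in front of this server, the match is made against that device's address unless mod_remoteip is configured with a trusted proxy list.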