ApexityIT I played around with Apache and splitting the internal/client portals into two subdomains seems pretty easy to do.
In the example below:
- ITFlow is served from /var/www/itflow.example.com
- Techs use itflow.example.com, which only serves them if they come from an allowed IP
- Clients are redirected to use clients.example.com/portal
Apache config: itflow-example.conf
# Internal users
# Tech-facing vhost. It serves the same DocumentRoot as the client vhost and
# relies on the mod_rewrite rules below, not on Require directives, to keep
# other source addresses away from the internal pages.
# NOTE(review): this only narrows who can reach the login pages; application
# authentication is still the actual access control.
<VirtualHost *:443>
ServerName itflow.example.com
DocumentRoot /var/www/itflow.example.com
SSLCertificateFile [...]
RewriteEngine On
# Redirect anyone on /portal/ to the clients vhost
# No RewriteCond precedes this rule, so it applies to every source address,
# allowed tech IPs included.
RewriteRule ^/portal/(.*)$ https://clients.example.com/portal/$1 [R=302,L]
# Only allow tech access for a specific IP address
# The two conditions are ANDed: a request is redirected to the client portal
# when its path does not start with /guest_ AND its address is outside the
# allowed network. Paths starting with /guest_ are therefore reachable on this
# vhost from any address.
# -R matches against REMOTE_ADDR. Behind a reverse proxy or load balancer that
# is the proxy's address unless the real client address is restored (e.g. with
# mod_remoteip) - verify which address Apache sees before relying on this.
# Replace the your-ip-here placeholder; several networks need several
# conditions or a different expression.
RewriteCond %{REQUEST_URI} !^/guest_.*
RewriteCond expr "! -R 'your-ip-here/32'"
RewriteRule ^ https://clients.example.com/portal/ [R=302,L]
</VirtualHost>
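# External users
# Client-facing vhost. It serves the same DocumentRoot as the internal vhost,
# so everything is denied first and only the paths clients need are re-opened.
<VirtualHost *:443>
    ServerName clients.example.com
    DocumentRoot /var/www/itflow.example.com
    SSLCertificateFile [...]
    RewriteEngine On

    # Default deny
    <Directory /var/www/itflow.example.com>
        Require all denied
    </Directory>

    # Allow portal
    <Directory /var/www/itflow.example.com/portal>
        Require all granted
    </Directory>

    # Allow logos and avatars
    # Plain <Directory> paths cover the directory and everything below it.
    # The unanchored regex form also matched sibling paths that merely start
    # with the same prefix.
    # NOTE(review): these grants expose every file under the three upload
    # directories, not only images - confirm what else the application stores
    # there, and that uploaded files cannot be executed as scripts.
    <Directory /var/www/itflow.example.com/uploads/settings>
        Require all granted
    </Directory>
    <Directory /var/www/itflow.example.com/uploads/clients>
        Require all granted
    </Directory>
    <Directory /var/www/itflow.example.com/uploads/users>
        Require all granted
    </Directory>

    # Allow stylesheets, javascript, json, icons and fonts
    # <FilesMatch> sections are merged after <Directory> sections, so this
    # grant overrides the default deny for matching files anywhere under the
    # DocumentRoot.
    # NOTE(review): check that no .json or .js file in the tree (dependency
    # manifests, exports, uploads) holds anything that should stay internal.
    <FilesMatch "\.(css|js|json|ico|woff|woff2|ttf)$">
        Require all granted
    </FilesMatch>

    # Allow guest_X.php files
    # FilesMatch tests the file's base name, which never contains a slash, so
    # the pattern must not start with one. It matches by name in any directory.
    <FilesMatch "^guest_.*\.php$">
        Require all granted
    </FilesMatch>
</VirtualHost>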