I want to restrict some systems to access urls like this. only some systems.
http://example.com:1234/abc/personId)
any idea now can this be done? and (personid) is a variable.
squid is the only way? because of the system load I cannot go with squid. is this can be done with iptables?

I don't believe that IPtables will be of any benefit to you as it seems you want to filter at the application level. Squid or another proxy would be your best choice, but I am not going to try to debate your position of "can't handle the load". Another option would be to configure the server page(s) for the particular URL with .htaccess which accepts a wide variety of authentication options, for example: http://home.golden.net/htaccess.html

Thanks for your reply. The thing is my server is providing information to mobile apps. So I have a lot of public api's. I can't block them from public. But there are some private api's also. That should be only accessed from three internal systems. And I cannot add additional authentication mechanisms. So my question is how to give access to the private api calls only from the three internal servers.

Within apache, try some mod_rewrite fun - http://www.marmelune.net/en/drupal/d...l-with-apache/

Throw an additional RewriteCond checking on the REMOTE_ADDR value (presumably a regex matching your local subnet range) and you're done.

Now it sounds like you are changing the desired requirement. First you were saying you wanted to restrict URLs, which can be done with either .htaccess or the directory declaration in your host configuration. Now you want to restrict to private a "api", which when you say API, I interpret that as Application Program Interface, or in other words a function call or execution. Perhaps it would be best for you to provide a clear example of exactly what it is you are trying to do instead of playing obfuscation games?

Doesn't seem changed to me. htaccess is at a different level to uri filtering, with the two fitting together perfectly well. Not that I ever like using htaccess files compared to putting into a proper httpd config directory include.

Sorry if my post confused you. Below is my exact requirement.

I have a webserver(tomcat)running. suppose www.example.com
There is a lot of public api's which servers information to mobile apps. Such as,

http://www.example:1024/social/rest/...ties/(personId)
This personId is a variable if we give different values it gives different results.

But I have some api's which I have to keep private. Which should not be open in public. And those api's should be accessible for three other servers a1.example.com a2.example.com a3.example.com. Any idea how this can be done.

one guy just told I can use this
http://tomcat.apache.org/tomcat-7.0-...Address_Filter
I'm not familiar with tomcat. I'll update here if I find something.

Missed my first reply?

But that was for apache! I'm using tomcat.

but you didn't think that was worth bothering to mention at the start??

Anyway, Apache is usually placed in front of Tomcat and then connected to with mod_proxy and mox_jk. I would still recommend this solution.

@chris
I'm really sorry that I didn't mention it at the beginning. Even I thought Apache was running in front end. Later only I came to know that only tomcat is there. Now I'm trying it with Remote_Address_Filter in tomcat. But till yet not any improvement.

I changed the setup to apache-tomcat with mod-jk. And I have created .htaccess file. But the problem is .htaccess works with apache serving directories but not the ones under tomcat. Any idea?

well as I recommended, don't use htaccess in the first place. go direct to your config files.