How to Proxy All Requests Except a Specific Path in Apache HTTPD Configuration


3 views

When configuring Apache HTTPD as a reverse proxy, a common requirement is to proxy most requests to a backend server while serving specific paths directly from Apache. The default ProxyPass directive routes everything to the backend, making exceptions tricky to implement correctly.

The configuration attempt using Alias doesn't work because:

ProxyPass / http://127.0.0.1:5012/

This directive takes precedence over other URL mapping directives. Apache processes proxy rules before checking for aliases or directory matches.

To properly exclude a path from proxying, use ProxyPass with the ! modifier:


    ServerName foo.org
    ServerAlias www.foo.org

    # First declare the exception
    ProxyPass /lib !
    
    # Then declare the general proxy rule
    ProxyPass / http://127.0.0.1:5012/
    ProxyPassReverse / http://127.0.0.1:5012/

    # Configure the local path handling
    Alias /lib /path/to/lib
    
        Options FollowSymLinks
        AllowOverride None
        Require all granted

1. Order matters: The exception (ProxyPass /lib !) must appear before the general proxy rule

2. Path specificity: The excluded path should exactly match what you want to serve locally

3. Directory permissions: Ensure your Directory block has proper access controls

After making changes:

sudo apachectl configtest  # Check syntax
sudo systemctl reload apache2  # Apply changes

Verify both paths work as expected:

curl -I http://foo.org/          # Should show backend headers
curl -I http://foo.org/lib       # Should show Apache headers

For multiple exceptions:

ProxyPass /lib !
ProxyPass /static !
ProxyPass / http://127.0.0.1:5012/

For regex pattern matching:

ProxyPassMatch ^/(lib|static) !

When setting up reverse proxy configurations in Apache, a common requirement is to proxy most requests to backend servers while excluding specific paths that should be handled by Apache directly. The original configuration proxies all requests to port 5012:


    ServerName foo.org
    ServerAlias www.foo.org

    
        Options FollowSymLinks MultiViews
        Order allow,deny
        Allow from all
        AllowOverride All
    

    ProxyPass        / http://127.0.0.1:5012/
    ProxyPassReverse / http://127.0.0.1:5012/

To exclude the /lib path from being proxied, we need to use ProxyPass with an exclamation mark (!) before the path we want to exclude:


    ServerName foo.org
    ServerAlias www.foo.org

    # Proxy configuration
    
        Options FollowSymLinks MultiViews
        Order allow,deny
        Allow from all
        AllowOverride All
    

    # Exclude /lib from proxying
    ProxyPass        /lib !
    ProxyPass        / http://127.0.0.1:5012/
    ProxyPassReverse / http://127.0.0.1:5012/

    # Local handling for /lib
    Alias /lib /path/to/lib
    
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted

The order of ProxyPass directives matters - the more specific exclusion (!) must come before the general proxy rule. Also note:

  • The ProxyPass /lib ! directive must appear before ProxyPass /
  • Use absolute filesystem paths for Alias and Directory directives
  • Modern Apache versions use Require all granted instead of Order/Allow

After making changes, always test with:

apachectl configtest
systemctl reload apache2  # or httpd depending on OS

Verify by accessing both the proxied content and the excluded path to confirm they're handled correctly.

You can exclude multiple paths by adding more ProxyPass ! directives:

ProxyPass        /assets !
ProxyPass        /static !
ProxyPass        /lib !
ProxyPass        / http://127.0.0.1:5012/