I have an embedded page (yyy.subdomain.com) that i call and share session from my web with subdomain(xxx.subdomain.com), but i need that the embedded page can be only accessed by my app and not by the url in a browser. this is my conf in my vhost of apache.
<VirtualHost 127.0.0.1:443 _default_:443> ServerAlias yyy.subdomain.com SSLEngine on SSLCertificateFile "/opt/user/apache/conf/certs/server.crt" SSLCertificateKeyFile "/opt/user/apache/conf/certs/server.key" DocumentRoot /opt/bitnami/apache/htdocs/yyy<Directory "/opt/bitnami/apache/htdocs/yyy"> Options Indexes FollowSymLinks MultiViews AllowOverride All Require all granted</Directory></VirtualHost>Also I try to remove "Require all granted" and write "Require all denied" and then use Require host / ip but it didn't work