Next cloud collaboration with onlyoffice | Block public access


We are using only office for documentation collaboration, OO is behind the proxy server, we are using next cloud web server as an proxy. We want to block public access of onlyoffice, but unfortunately i am not successful
For better understanding, let me explain with urls

OnlyOffice proxy URL =
OnlyOffice internal URL, map on private IP =

Following are NC settings

Document Editing Service address=
Document Editing Service address for internal requests from the server =
Server address for internal requests from the Document Editing Service =

Following are apache settings for proxy[as per recommended by OO], here is https to https link

<VirtualHost :443>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/httpd/sslcert/ibex.crt
SSLCertificateKeyFile /etc/httpd/sslcert/ibex.key
SSLCertificateChainFile /etc/httpd/sslcert/caroot.key
ProxyPreserveHost On
SSLProxyEngine on
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire on
SetEnvIf Host "^(.
)$" THE_HOST=$1
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Host “%{THE_HOST}e”
ProxyAddHeaders Off
ProxyPassMatch (.*)(/websocket)$ “wss://$1$2”
ProxyPass /
ProxyPassReverse /

if i directly access, it takes me to OO page. How can i block it publicly.



Something like this should work (not tested it myself)

<Location /foo>
    Deny from all                       // **This rule is the most IMPORTANT**    
    Allow from 10.100       // The second value implies subnet


In this case, i am still able to access the OO, because i have allowed my LB’s internal IP. And all traffic is coming through this LB.
2nd if i deny all traffic, how a user access to edit the document. Because if you see the below screenshot while i try to edit any document, browser directly access the OO url mentioned in setting " Document Editing Service address="


You cant make a block in the LB for it ?


Please review my question gain