Problem You have a biserver serving up information either directly or embedded into some website. You need to open up the biserver to the rest of the world but want to prevent access to certain endpoints. These endpoints might serve only internal consumers, or have security implications. We need to limit the attack service of a biserver! Traditionally one would spin up a new server, add an apache config to proxy forward some requests to the backend.