Docker client wants to check /v2/.... Allow /v2/ from outside but not internally

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/httpd/reverseproxy/templates/reversepassproxy.candidate-registry.conf

@@ -27,7 +27,15 @@ ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
   AuthName "Candidate Registry Authentication"
   AuthType Basic
   AuthUserFile /etc/httpd/conf.d/candidate-registry.fedoraproject.org/passwd
-  Require valid-user
+
+  <RequireAny>
+    Require valid-user
+    <RequireAll>
+      Require not ip 10.5
+      # This require is because otherwise apache thinks the Require not ip is useless
+      Require method GET
+    </RequireAll>
+  </RequireAny>
 </Location>
 
 # But we allow random pulling by anyone without auth