diff --git a/sample/apache_ldap.conf b/sample/apache_ldap.conf
index 50ee7f962337bf..f7df159e33527b 100755
--- a/sample/apache_ldap.conf
+++ b/sample/apache_ldap.conf
@@ -31,15 +31,15 @@
   </Proxy>
  
   # Proxy for _aliases and .*/_search
-  <LocationMatch "^(/_aliases|/_nodes|.*/_search|.*/_mapping)$">
-    ProxyPassMatch http://127.0.0.1:9200
-    ProxyPassReverse http://127.0.0.1:9200
+  <LocationMatch "^/(_nodes|_aliases|_search|.*/_search|_mapping|.*/_mapping)$">
+    ProxyPassMatch http://127.0.0.1:9200/$1
+    ProxyPassReverse http://127.0.0.1:9200/$1
   </LocationMatch>
- 
+
   # Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected)
-  <LocationMatch "^(/kibana-int/dashboard/|/kibana-int/temp).*$">
-    ProxyPassMatch http://127.0.0.1:9200
-    ProxyPassReverse http://127.0.0.1:9200 
+  <LocationMatch "^/(kibana-int/dashboard/|kibana-int/temp)(.*)$">
+    ProxyPassMatch http://127.0.0.1:9200/$1$2
+    ProxyPassReverse http://127.0.0.1:9200/$1$2
   </LocationMatch>
  
   # Optional disable auth for a src IP (eg: your monitoring host or subnet)