Author Topic: Apache access restriction  (Read 3605 times)


  • Newbie
  • *
  • Posts: 8
  • Karma: 0
Apache access restriction
« on: March 01, 2012, 04:58:41 AM »
I have a Directory directive in httpd.conf that allows as per htpasswd.

I want to condition it to allow as per IP or htpasswd whichever condition is met.
So here is my conditions:

  <Directory /var/www/siteone>
      AllowOverride All
      Options Indexes FollowSymLinks MultiViews
      Order deny,allow
      Deny from all
      Allow from
      AuthType Basic
      AuthName "Beta BGR"
      AuthUserFile /etc/httpd/htpasswd/htpasswd-beta-siteone
      Require valid-user
      Satisfy any

The IP address is the gateway IP that hits the server. I can see in the log only when I add X-Forward-for in custom log.
Otherwise the server gets a LAN IP on DC load balance which is

No point using the LB IP since it will open it for all.

How do I enable the IP validation to match real client IP when it is behind Loadbalancer/Firewall ?


  • Administrator
  • Full Member
  • *****
  • Posts: 94
  • Karma: 1
Re: Apache access restriction
« Reply #1 on: March 03, 2012, 09:08:15 PM »

You can use SetEnv to restrict access from x-forwarded ip addresses.

For example:-
Deny from env=Restricted
SetEnvIF X-FORWARDED-FOR "" Restricted

But to find the IP Address "", you will need to write a script to extract this ip address from logs, which will check against the criteria you have for blocking such ip addresses.

Hope this will help you.