Author Topic: Apache access restriction  (Read 3605 times)

anup

Apache access restriction
« on: March 01, 2012, 04:58:41 AM »
I have a Directory directive in httpd.conf that allows access as per htpasswd.

I want to condition it to allow access as per IP or htpasswd, whichever condition is met.
So here are my conditions:

  <Directory /var/www/siteone>
      AllowOverride All
      Options Indexes FollowSymLinks MultiViews
      Order deny,allow
      Deny from all
      Allow from 14.140.80.222
      AuthType Basic
      AuthName "Beta BGR"
      AuthUserFile /etc/httpd/htpasswd/htpasswd-beta-siteone
      Require valid-user
      Satisfy any
  </Directory>

The IP address 14.140.80.222 is the gateway IP that hits the server. I can see it in the log only when I add X-Forwarded-For to the custom log.
Otherwise the server gets a LAN IP of the DC load balancer, which is 172.16.1.111

No point using the LB IP 172.16.1.111 since it will open it for all.

Question:
How do I enable the IP validation to match the real client IP when it is behind a load balancer/firewall?

gouravjoshi

Re: Apache access restriction
« Reply #1 on: March 03, 2012, 09:08:15 PM »
Hi

You can use SetEnv to restrict access from X-Forwarded IP addresses.

For example:

  Deny from env=Restricted
  SetEnvIF X-FORWARDED-FOR "10.10.10.1" Restricted

But to find the IP address "10.10.10.1", you will need to write a script to extract this IP address from the logs, which will check against the criteria you have for blocking such IP addresses.

Hope this will help you.
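
An added example, not part of either post above: the original block extended so that `Satisfy any` admits either the gateway address or a valid password, in the Apache 2.2 syntax the thread uses. It assumes the load balancer at 172.16.1.111 appends the address it received the connection from as the last X-Forwarded-For entry; the variable name `trusted_gateway` is made up for illustration.

```apache
<Directory /var/www/siteone>
    AllowOverride All
    Options Indexes FollowSymLinks MultiViews

    # X-Forwarded-For is a request header, so a client can send any value.
    # Match only the LAST entry, which is the one the load balancer appends
    # (assumption: the LB appends rather than passing the header through).
    # Dots are escaped and the pattern is anchored so that addresses such as
    # 114.140.80.222 or 14.140.80.2220 do not match.
    SetEnvIf X-Forwarded-For "(^|,\s*)14\.140\.80\.222\s*$" trusted_gateway

    # Drop the flag again unless the TCP connection really came from the
    # load balancer; a request that reaches Apache directly cannot then
    # pass the address check by forging the header.
    SetEnvIf Remote_Addr "^(?!172\.16\.1\.111$)" !trusted_gateway

    # Address check: allowed only when the flag survived both tests.
    Order deny,allow
    Deny from all
    Allow from env=trusted_gateway

    # Password check, unchanged from the original block.
    AuthType Basic
    AuthName "Beta BGR"
    AuthUserFile /etc/httpd/htpasswd/htpasswd-beta-siteone
    Require valid-user

    # Either the address check OR the password check is sufficient.
    Satisfy any
</Directory>
```

On Apache 2.4, mod_remoteip (`RemoteIPHeader X-Forwarded-For` with `RemoteIPInternalProxy 172.16.1.111`) rewrites the client address itself, so ordinary address rules see the forwarded IP without the environment-variable step.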