Require IP but disallow if x-forwarded-for
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I'm trying to write a rule for a location within httpd config.
Apache ver.2.4
Currently I have this configured:
<Location /location>
Require ip 192.168.0.0/255.255.0.0
</Location>
Which allows it from anywhere within the local subnet.
But as these request come from the local loadbalancer-proxy it will still allow it.
How to write this to deny anything which has a remote IP or it was x-forwaded-for ?
Something like:
<Location /location>
Require ip 192.168.0.0/255.255.0.0
Require not remote ip *
</Location>
or
<Location /location>
Order Deny,Allow
Allow from All
SetEnvIf X-Forwarded-For "*" DenyAccess
Deny from env=DenyAccess
</Location>
Thanks!
security apache-httpd apache-virtualhost
add a comment |Â
up vote
0
down vote
favorite
I'm trying to write a rule for a location within httpd config.
Apache ver.2.4
Currently I have this configured:
<Location /location>
Require ip 192.168.0.0/255.255.0.0
</Location>
Which allows it from anywhere within the local subnet.
But as these request come from the local loadbalancer-proxy it will still allow it.
How to write this to deny anything which has a remote IP or it was x-forwaded-for ?
Something like:
<Location /location>
Require ip 192.168.0.0/255.255.0.0
Require not remote ip *
</Location>
or
<Location /location>
Order Deny,Allow
Allow from All
SetEnvIf X-Forwarded-For "*" DenyAccess
Deny from env=DenyAccess
</Location>
Thanks!
security apache-httpd apache-virtualhost
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm trying to write a rule for a location within httpd config.
Apache ver.2.4
Currently I have this configured:
<Location /location>
Require ip 192.168.0.0/255.255.0.0
</Location>
Which allows it from anywhere within the local subnet.
But as these request come from the local loadbalancer-proxy it will still allow it.
How to write this to deny anything which has a remote IP or it was x-forwaded-for ?
Something like:
<Location /location>
Require ip 192.168.0.0/255.255.0.0
Require not remote ip *
</Location>
or
<Location /location>
Order Deny,Allow
Allow from All
SetEnvIf X-Forwarded-For "*" DenyAccess
Deny from env=DenyAccess
</Location>
Thanks!
security apache-httpd apache-virtualhost
I'm trying to write a rule for a location within httpd config.
Apache ver.2.4
Currently I have this configured:
<Location /location>
Require ip 192.168.0.0/255.255.0.0
</Location>
Which allows it from anywhere within the local subnet.
But as these request come from the local loadbalancer-proxy it will still allow it.
How to write this to deny anything which has a remote IP or it was x-forwaded-for ?
Something like:
<Location /location>
Require ip 192.168.0.0/255.255.0.0
Require not remote ip *
</Location>
or
<Location /location>
Order Deny,Allow
Allow from All
SetEnvIf X-Forwarded-For "*" DenyAccess
Deny from env=DenyAccess
</Location>
Thanks!
security apache-httpd apache-virtualhost
asked Dec 14 '17 at 14:25
DaWe4444
639
639
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f410881%2frequire-ip-but-disallow-if-x-forwarded-for%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password