httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Nokes <>
Subject Re: [users@httpd] mod_access and Client IP's from Load Balancers
Date Mon, 24 Apr 2006 22:11:02 GMT
Thanks for the reply!

Yes, that is correct.
But since I cannot use arbitrary headers, these options aren't viable for me.  Basically,
I need to restrict the same Location, via a single restriction (preferably via IP subnets),
using an explicit defined Header from 50% of web traffic [Netscaler], and the REMOTE_ADDR
(or whatever mod_access uses to get the client IP) [BigIP] from the other 50%, at the same
time; SetEnvIf will only help me with the Netscaler traffic.  I need a single solution to
handle both scenarios.

- Jeff

----- Original Message ----
From: Joshua Slive <>
To:; Jeff Nokes <>
Sent: Monday, April 24, 2006 2:09:37 PM
Subject: Re: [users@httpd] mod_access and Client IP's from Load Balancers

On 4/24/06, Jeff Nokes <> wrote:
>       <LocationMatch "^/+(marketing/report.*)$">
>         order deny,allow
>         deny from all
>         allow from  10  172.16  192.168
>       </LocationMatch>

mod_rewrite or mod_setenvif can do access control based on arbitrary
headers.  So assuming you have an X-Remote-IP header, you could do
SetEnvIf X-Remote-IP ^10\..* good-guy
SetEnvIf X-Remote-IP ^172\.16\..* good-guy
SetEnvIf X-Remote-IP ^192\.168\..* good-guy
and then add
Allow from env=good-guy
to the above block.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message