httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Nokes <jeff_no...@yahoo.com>
Subject Re: [users@httpd] mod_access and Client IP's from Load Balancers
Date Mon, 24 Apr 2006 22:11:02 GMT
Thanks for the reply!

Yes, that is correct.
But since I cannot use arbitrary headers, these options aren't viable for me.  Basically,
I need to restrict the same Location, via a single restriction (preferably via IP subnets),
using an explicit defined Header from 50% of web traffic [Netscaler], and the REMOTE_ADDR
(or whatever mod_access uses to get the client IP) [BigIP] from the other 50%, at the same
time; SetEnvIf will only help me with the Netscaler traffic.  I need a single solution to
handle both scenarios.

Thanks,
- Jeff

----- Original Message ----
From: Joshua Slive <joshua@slive.ca>
To: users@httpd.apache.org; Jeff Nokes <jeff_nokes@yahoo.com>
Sent: Monday, April 24, 2006 2:09:37 PM
Subject: Re: [users@httpd] mod_access and Client IP's from Load Balancers

On 4/24/06, Jeff Nokes <jeff_nokes@yahoo.com> wrote:
>
>
>       <LocationMatch "^/+(marketing/report.*)$">
>         order deny,allow
>         deny from all
>         allow from  10  172.16  192.168
>       </LocationMatch>

mod_rewrite or mod_setenvif can do access control based on arbitrary
headers.  So assuming you have an X-Remote-IP header, you could do
SetEnvIf X-Remote-IP ^10\..* good-guy
SetEnvIf X-Remote-IP ^172\.16\..* good-guy
SetEnvIf X-Remote-IP ^192\.168\..* good-guy
and then add
Allow from env=good-guy
to the above block.

Joshua.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message