httpd-users mailing list archives

From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Is this possible ?
Date Thu, 24 Aug 2006 02:09:50 GMT
On 8/23/06, Jignesh Badani <jbadani@mmsa.com> wrote:
> Awesome, just trying to understand the syntax of the last SetEnvIf:
>
> SetEnvIf let_10161_in ^0$ !let_xuser_in
>
> --> If the env variable let_10161_in is "0" - meaning the request is not
> from 10.161, unset (make it 0?) the let_xuser_in env variable ?

Basically, yes.  Although "unset" and "set to 0" are not the same thing.

>
> And mod_rewrite for this, how ?

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-For} !^10\.161 [or]
RewriteCond %{HTTP:Cookie} !XSESSION
RewriteRule .* - [F]

By the way, you should be aware that both X-Forwarded-For and Cookie
can be faked by the browser, so they don't provide real security.  In
particular, if the request already has an X-Forwarded-For header when
it passes through the proxy, the new IP address will be folded into
it.  You can detect this situation by testing X-Forwarded-For for a
comma, which is the separator used for multiple IP addresses.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
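
The folding behaviour described in the message, as an added example that is not part of the original post: a small Python model that evaluates the two posted RewriteCond patterns before and after the suggested comma test. The function names, the ", " join format used by the modelled proxy, and the sample addresses and cookie value are assumptions constructed for illustration.

```python
import re

# Patterns copied from the RewriteCond lines in the message above.
XFF_PREFIX = re.compile(r"^10\.161")
COOKIE_TOKEN = re.compile(r"XSESSION")


def proxy_forward(headers, peer_ip):
    """Assumed proxy model: fold the connecting address into any
    X-Forwarded-For header the request already carries."""
    out = dict(headers)
    existing = out.get("X-Forwarded-For")
    out["X-Forwarded-For"] = f"{existing}, {peer_ip}" if existing else peer_ip
    return out


def posted_rule_forbids(headers):
    """Posted rule: [F] if XFF lacks the prefix OR Cookie lacks XSESSION."""
    xff = headers.get("X-Forwarded-For", "")
    cookie = headers.get("Cookie", "")
    return not XFF_PREFIX.search(xff) or not COOKIE_TOKEN.search(cookie)


def comma_check_forbids(headers):
    """Posted rule plus the comma test: a comma means the request reached
    the proxy with an X-Forwarded-For header already present."""
    if "," in headers.get("X-Forwarded-For", ""):
        return True
    return posted_rule_forbids(headers)


# Constructed requests as they arrive at the proxy: (headers, connecting address).
SAMPLES = {
    "internal": ({"Cookie": "XSESSION=abc"}, "10.161.4.20"),
    "outside": ({"Cookie": "XSESSION=abc"}, "203.0.113.9"),
    "outside_preset_xff": (
        {"Cookie": "XSESSION=abc", "X-Forwarded-For": "10.161.1.1"},
        "203.0.113.9",
    ),
}


def evaluate(name):
    """Return (XFF seen by the server, posted rule forbids, comma check forbids)."""
    headers, peer_ip = SAMPLES[name]
    seen = proxy_forward(headers, peer_ip)
    return seen["X-Forwarded-For"], posted_rule_forbids(seen), comma_check_forbids(seen)


if __name__ == "__main__":
    for name in SAMPLES:
        print(name, evaluate(name))
```

A request that legitimately crosses more than one proxy also carries a comma, so the stricter check refuses it too.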

