httpd-users mailing list archives

From "Joshua Slive"
Subject Re: [users@httpd] Is this possible ?
Date Thu, 24 Aug 2006 02:09:50 GMT
On 8/23/06, Jignesh Badani wrote:
> Awesome, just trying to understand the syntax of the last SetEnvIf:
> SetEnvIf let_10161_in ^0$ !let_xuser_in
> --> If the env variable let_10161_in is "0" - meaning the request is not
> from 10.161, unset (make it 0?) the let_xuser_in env variable ?

Basically, yes.  Although "unset" and "set to 0" are not the same thing.

> And mod_rewrite for this, how ?

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-For} !^10\.161 [or]
RewriteCond %{HTTP:Cookie} !XSESSION
RewriteRule .* - [F]

By the way, you should be aware that both X-Forwarded-For and Cookie
can be faked by the browser, so they don't provide real security.  In
particular, if the request already has an X-Forwarded-For header when
it passes through the proxy, the new IP address will be folded into
it.  You can detect this situation by testing X-Forwarded-For for a
comma, which is the separator used for multiple IP addresses.


The official User-To-User support forum of the Apache HTTP Server Project.
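
Added example, not part of the original message or of Apache httpd: a Python check of X-Forwarded-For values that compares the `^10\.161` prefix test from the RewriteCond with a stricter test that also applies the comma check described in the reply. It assumes a single proxy in front of the server that appends the address it saw, and that "10.161" means 10.161.0.0/16; the function names and sample header values are constructed for illustration.

```python
import ipaddress
import re

# Assumption: "10.161" in the thread means the 10.161.0.0/16 network.
ALLOWED_NET = ipaddress.ip_network("10.161.0.0/16")
# The pattern used in the RewriteCond from the message.
PREFIX_RULE = re.compile(r"^10\.161")


def prefix_rule_allows(xff):
    """True when the regex test alone would let the request through."""
    return bool(xff) and PREFIX_RULE.search(xff) is not None


def classify_xff(xff):
    """Return (verdict, detail) for the header value as seen behind one proxy."""
    if not xff or not xff.strip():
        return ("deny", "header missing")
    if "," in xff:
        # A comma means the request already carried X-Forwarded-For when it
        # reached the proxy; only the last entry was written by the proxy.
        proxy_seen = xff.split(",")[-1].strip()
        return ("deny", "client-supplied chain, proxy saw " + proxy_seen)
    try:
        addr = ipaddress.ip_address(xff.strip())
    except ValueError:
        return ("deny", "not an IP address")
    if addr in ALLOWED_NET:
        return ("allow", str(addr))
    return ("deny", "outside " + str(ALLOWED_NET))


# Constructed sample header values (203.0.113.0/24 is a documentation range).
SAMPLES = [
    "10.161.4.20",               # set by the proxy alone
    "10.161.4.20, 203.0.113.9",  # header was present before the proxy
    "10.1619.1.1",               # matches the prefix but is not an address
    "203.0.113.9",               # outside the allowed network
]


def compare(samples=SAMPLES):
    """Rows of (header value, prefix rule result, strict verdict, detail)."""
    return [(s, prefix_rule_allows(s)) + classify_xff(s) for s in samples]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

Even the stricter check only shows that the proxy was the first to set the header; it is only meaningful when clients cannot reach the server without going through that proxy.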