Skip to content
Advertisement

Apache Access Control to IPs (X-Forwarded-For) or valid-user

I used to block access to certain folder of my Apache server using valid-user or ip directive, like the following:

<Directory "/home/domain/public_html/secure">
    Require ip x.x.x.x
    Require ip y.y.y.y
    AuthType Basic
    AuthUserFile "/home/domain/secure/pass"
    AuthName "Authentication Required"
    Require valid-user
    Satisfy Any
</Directory>

Now, I have placed my server behind an F5-BIGIP device which won’t let me fully DNAT client’s connections. The device is also behind a Linux server that serves as gateway with DNAT/SNAT rules hat are working accordingly. I can log client’s IPs through X-Forwarded_For, though. But my Apache directives are not working anymore.

So my question is, is there any way I could use something like Require X-Forwarded-For x.x.x.x?

My Apache Version is:

[root@webserver1 ~]# apachectl -version
Server version: Apache/2.4.6 (CentOS)
Server built:   May 12 2016 1

0:27:23

Thanks in advance.

Advertisement

Answer

You should be able to do something like:

SetEnvIf X-Forwarded-For x.x.x.x$ foo
SetEnvIf X-Forwarded-For y.y.y.y$ bar
...
Require env foo
Require env bar
User contributions licensed under: CC BY-SA
10 People found this is helpful
Advertisement