Otdfbt

Why does string strummed with finger sound different from the one strummed with pick?

Why aren't satellites disintegrated even though they orbit earth within their Roche Limits?

What dog breeds survive the apocalypse for generations?

Is Big Ben visible from the British museum?

How do Ctrl+C and Ctrl+V work?

Find the area of the rectangle

Why do academics prefer Mac/Linux?

Holding rent money for my friend which amounts to over $10k?

Usage of the relative pronoun "dont"

Is there an academic word that means "to split hairs over"?

Why can't I share a one use code with anyone else?

Is it possible to pass a pointer to an operator as an argument like a pointer to a function?

Why are there five extra turns in tournament Magic?

Divisor Rich and Poor Numbers

How does the Heat Metal spell interact with a follow-up Frostbite spell?

Why is the A380’s with-reversers stopping distance the same as its no-reversers stopping distance?

Cycling to work - 30mile return

How to handle professionally if colleagues has referred his relative and asking to take easy while taking interview

Deleting the same lines from a list

Square spiral in Mathematica

Canadian citizen who is presently in litigation with a US-based company

Why is so much ransomware breakable?

Does a non-singular matrix have a large minor with disjoint rows and columns and full rank?

Given 0s on Assignments with suspected and dismissed cheating?

How to block IP address on Apache when it comes from proxy

Yahoo Messenger In Proxy ConnectionTrouble with mod_proxy and mongrel_railsWhen Using Reverse Proxy, Backend Server Does 301 Back to The Proxy Server or Changes URLreverse proxy only from one internal serverHow to enable mod_info in Apache?Restrict non whitelisted IP's from viewing Directory list in Apacheapache change proxy request url rewriteAH00027: No authentication done error after upgrading from Apache 2.2 to 2.4Apache reverse proxy removes headers from webdav serverApache tuning for use as forward proxy

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

1

I have the URL I need to restrict access for specific IP (10.0.0.5).
When I do it for direct access in the next way it works perfect:

<Location /incoming>
 Order Allow,Deny
 Deny from 10.0.0.5
 Allow from all
</Location>

But , when this IP comes from Proxy (Proxy IP: 192.168.1.43) this solution does not work.
This what I see in log:

10.0.0.5, 192.168.1.43 - - [24/May/2017:16:03:54 +0300] "POST /incoming HTTP/1.0" 200 698 0/6899 "-" "-"

I tried to do the next - add Proxy section:

<Proxy /incoming >
 Order Allow,Deny
 Deny from 10.0.0.5
 Allow from all
</Proxy>

It does not help too.

I need your help, friends!!!

apache-2.2 proxy ip restrictions

share|improve this question

asked May 24 '17 at 13:35

Uri GorobetsUri Gorobets

43

add a comment | 

0

1

I have the URL I need to restrict access for specific IP (10.0.0.5).
When I do it for direct access in the next way it works perfect:

<Location /incoming>
 Order Allow,Deny
 Deny from 10.0.0.5
 Allow from all
</Location>

But , when this IP comes from Proxy (Proxy IP: 192.168.1.43) this solution does not work.
This what I see in log:

10.0.0.5, 192.168.1.43 - - [24/May/2017:16:03:54 +0300] "POST /incoming HTTP/1.0" 200 698 0/6899 "-" "-"

I tried to do the next - add Proxy section:

<Proxy /incoming >
 Order Allow,Deny
 Deny from 10.0.0.5
 Allow from all
</Proxy>

It does not help too.

I need your help, friends!!!

apache-2.2 proxy ip restrictions

share|improve this question

asked May 24 '17 at 13:35

Uri GorobetsUri Gorobets

43

add a comment | 

I have the URL I need to restrict access for specific IP (10.0.0.5).
When I do it for direct access in the next way it works perfect:

<Location /incoming>
 Order Allow,Deny
 Deny from 10.0.0.5
 Allow from all
</Location>

But , when this IP comes from Proxy (Proxy IP: 192.168.1.43) this solution does not work.
This what I see in log:

10.0.0.5, 192.168.1.43 - - [24/May/2017:16:03:54 +0300] "POST /incoming HTTP/1.0" 200 698 0/6899 "-" "-"

I tried to do the next - add Proxy section:

<Proxy /incoming >
 Order Allow,Deny
 Deny from 10.0.0.5
 Allow from all
</Proxy>

It does not help too.

I need your help, friends!!!

apache-2.2 proxy ip restrictions

share|improve this question

asked May 24 '17 at 13:35

Uri GorobetsUri Gorobets

43

<Location /incoming>
 Order Allow,Deny
 Deny from 10.0.0.5
 Allow from all
</Location>

<Proxy /incoming >
 Order Allow,Deny
 Deny from 10.0.0.5
 Allow from all
</Proxy>

share|improve this question

asked May 24 '17 at 13:35

Uri GorobetsUri Gorobets

43

share|improve this question

asked May 24 '17 at 13:35

Uri GorobetsUri Gorobets

43

asked May 24 '17 at 13:35

Uri GorobetsUri Gorobets

43

asked May 24 '17 at 13:35

Uri GorobetsUri Gorobets

43

1 Answer
1

active

oldest

votes

1

If the proxy sets the X-Forwarded-For header, you should be able to use this:

<Location /incoming>
 Order Deny,Allow
 SetEnvIf X-Forwarded-For "10.0.0.5" DenyAccess
 Deny from env=DenyAccess
</Location>

Order Deny,Allow is an allow-by-default directive, which gives access unless a deny-rule matches. SetEnvIf conditionally sets an environment flag based on the value of the X-Forwarded-For. The one deny rule here triggers only if that flag is set. If no deny rule is triggered, access is allowed.

You can also reference env flags in Require blocks, as illustrated here.

share|improve this answer

answered May 25 '17 at 0:24

Diogenes deLightDiogenes deLight

31726

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f852000%2fhow-to-block-ip-address-on-apache-when-it-comes-from-proxy%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

If the proxy sets the X-Forwarded-For header, you should be able to use this:

<Location /incoming>
 Order Deny,Allow
 SetEnvIf X-Forwarded-For "10.0.0.5" DenyAccess
 Deny from env=DenyAccess
</Location>

Order Deny,Allow is an allow-by-default directive, which gives access unless a deny-rule matches. SetEnvIf conditionally sets an environment flag based on the value of the X-Forwarded-For. The one deny rule here triggers only if that flag is set. If no deny rule is triggered, access is allowed.

You can also reference env flags in Require blocks, as illustrated here.

share|improve this answer

answered May 25 '17 at 0:24

Diogenes deLightDiogenes deLight

31726

add a comment | 

1

If the proxy sets the X-Forwarded-For header, you should be able to use this:

<Location /incoming>
 Order Deny,Allow
 SetEnvIf X-Forwarded-For "10.0.0.5" DenyAccess
 Deny from env=DenyAccess
</Location>

Order Deny,Allow is an allow-by-default directive, which gives access unless a deny-rule matches. SetEnvIf conditionally sets an environment flag based on the value of the X-Forwarded-For. The one deny rule here triggers only if that flag is set. If no deny rule is triggered, access is allowed.

You can also reference env flags in Require blocks, as illustrated here.

share|improve this answer

answered May 25 '17 at 0:24

Diogenes deLightDiogenes deLight

31726

add a comment | 

If the proxy sets the X-Forwarded-For header, you should be able to use this:

<Location /incoming>
 Order Deny,Allow
 SetEnvIf X-Forwarded-For "10.0.0.5" DenyAccess
 Deny from env=DenyAccess
</Location>

Order Deny,Allow is an allow-by-default directive, which gives access unless a deny-rule matches. SetEnvIf conditionally sets an environment flag based on the value of the X-Forwarded-For. The one deny rule here triggers only if that flag is set. If no deny rule is triggered, access is allowed.

You can also reference env flags in Require blocks, as illustrated here.

share|improve this answer

answered May 25 '17 at 0:24

Diogenes deLightDiogenes deLight

31726

<Location /incoming>
 Order Deny,Allow
 SetEnvIf X-Forwarded-For "10.0.0.5" DenyAccess
 Deny from env=DenyAccess
</Location>

share|improve this answer

answered May 25 '17 at 0:24

Diogenes deLightDiogenes deLight

31726

answered May 25 '17 at 0:24

Diogenes deLightDiogenes deLight

31726

answered May 25 '17 at 0:24

Diogenes deLightDiogenes deLight

31726