How to block IP address on Apache when it comes from proxy
If the proxy sets the X-Forwarded-For header, you should be able to use this:
<Location /incoming>
Order Deny,Allow
SetEnvIf X-Forwarded-For "10.0.0.5" DenyAccess
Deny from env=DenyAccess
</Location>
Order Deny,Allow is an allow-by-default directive, which gives access unless a deny-rule matches. SetEnvIf conditionally sets an environment flag based on the value of the X-Forwarded-For. The one deny rule here triggers only if that flag is set. If no deny rule is triggered, access is allowed.
You can also reference env flags in Require blocks, as illustrated here.
Related videos on Youtube
02 : 59
05 : 21
11 : 13
04 : 13
02 : 01
02 : 20
Uri Gorobets
Updated on September 18, 2022Comments
-
Uri Gorobets over 1 year
I have the URL I need to restrict access for specific IP (10.0.0.5). When I do it for direct access in the next way it works perfect:
<Location /incoming> Order Allow,Deny Deny from 10.0.0.5 Allow from all </Location>But , when this IP comes from Proxy (Proxy IP: 192.168.1.43) this solution does not work. This what I see in log:
10.0.0.5, 192.168.1.43 - - [24/May/2017:16:03:54 +0300] "POST /incoming HTTP/1.0" 200 698 0/6899 "-" "-"
I tried to do the next - add Proxy section:
<Proxy /incoming > Order Allow,Deny Deny from 10.0.0.5 Allow from all </Proxy>It does not help too.
I need your help, friends!!!