We have an endpoint that we've locked down to be only accessible from specific IPs. We have a conf section kinda like this:
<Location /Foo>
Order allow,deny
Allow from 111.111.111.111
Allow from 111.222.333.444
...
</Location>
Now, it's gotten to the point where we need to load balance it between a couple of machines, but we still need to lock it down to only be accessible from those IPs.
So… how can I set Apache to Allow from
the X-Forwarded-For
?
Best Answer
Presumably you have a load balancer that is doing SNAT/NAPT obscuring the client IP address.
Have you seen this answer, which solves it using SetEnvIf? Apache, use X-Forwarded-For for allow
There's a comment on that answer about forging. I'd point out that: