I want to block specific IP addresses but allow all others. I'm still struggling with this.
First I modified the apache2.conf file to look like this:
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
AllowOverride from None to All
Then added to .htaccess according to the Apache2 documentation below:
The Allow, Deny, and Order directives, provided by mod_access_compat,
are deprecated and will go away in a future version. You should avoid
using them, and avoid outdated tutorials recommending their use.
So, a more future-proof answer would be:
<RequireAll>
    Require all granted
    Require not ip XXX.XXX.XXX.XXX
</RequireAll>
where XXX.XXX.XXX.XXX is my IP
In the access.log I see this:
10.10.10.5 (XXX.XXX.XXX.XXX) - - [27/Nov/2018:17:11:46 +0000]
Where 10.10.10.5 is the HA proxy.
It's still not working. Any ideas on what I should do next?
Best Answer
Is your Apache behind a reverse proxy?
Because usually that will result in Apache seeing only the IP address of the reverse proxy server as the client IP address (and not the actual IP address of the client), which makes common IP address restrictions impossible.
HAProxy can be configured to forward the actual client IP address (see https://www.haproxy.com/blog/haproxy/proxy-protocol/), and Apache will need to be reconfigured to make use of that client IP address with https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html; then you can expect to see client IP address filtering work as expected in Apache httpd.
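
An Apache-side configuration for the setup described in the answer, added here as an example and not taken from the original post. It uses mod_remoteip's header variant (X-Forwarded-For) rather than the PROXY protocol from the linked blog post, and assumes HAProxy is already adding that header (`option forwardfor`); 10.10.10.5 is the proxy address from the question, and 203.0.113.45 is a constructed placeholder for the address to block.

```apache
# Added example. Enable the module first (Debian/Ubuntu: a2enmod remoteip),
# then reload Apache.

# Take the client address from the X-Forwarded-For header set by HAProxy.
RemoteIPHeader X-Forwarded-For

# Only accept that header when the TCP peer is the proxy itself.
# Without a RemoteIPInternalProxy/RemoteIPTrustedProxy line, mod_remoteip
# accepts the header from any peer, so a client that can reach Apache
# directly could claim an arbitrary address and sidestep the block below.
RemoteIPInternalProxy 10.10.10.5

# %a       = client address after mod_remoteip has processed the header
# %{c}a    = underlying TCP peer (the proxy), kept for troubleshooting
LogFormat "%a (%{c}a) %l %u %t \"%r\" %>s %O" proxied
CustomLog ${APACHE_LOG_DIR}/access.log proxied

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All

    # Same rule as in the question; it can stay in .htaccess instead.
    # It is now evaluated against the real client address, not 10.10.10.5.
    <RequireAll>
        Require all granted
        Require not ip 203.0.113.45
    </RequireAll>
</Directory>
```

After reloading, the first field of each access.log line should show the real client address and the proxy address should appear in the parentheses; if the first field is still 10.10.10.5, the header is not reaching Apache or the module is not loaded.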