Restricting access using the X-Forwarded-For header in Apache

.htaccessapache-2.2

I'm trying to set up access for a directory using .htaccess rules. Apparently, the remote IP is always localhost due to the way the provider ( SourceForge.net ) has set things up.

I've noticed that the correct IP is set in the X-Forwarded-For header.

How can I allow access only to some known hosts based on the X-Forwarded-For header?

Best Answer

RewriteEngine On
SetEnvIfNoCase X-Forwarded-For .+ forwarded=yes
RewriteCond %{ENV:forwarded} yes
RewriteRule ... my conditions ...

X-Forwarded-For can contain more then one ip address if it was forwarded my multiple servers - if that is the case then you need some script to loop trough this list and processes it.

Related Solutions

Apache .htaccess set base for absolute path

Put this in your .htaccess (in /):
RewriteEngine On RewriteRule ^/mysite.com/(.*)$ http://yourwebsite.com/$1 [R=301]

If that doesn't work, replace the ^/mysite with ^mysite (I can't remember offhand where it starts matching).

Apache – Client Denied by Server Configuration Despite Allowing Access

Change your authorization configuration:

<Directory /home/remix/>
    #...
    Order allow,deny
    Allow from all
</Directory>

...to the Apache 2.4 version of the same.

<Directory /home/remix/>
    #...
    Require all granted
</Directory>

Review the upgrading overview document for information on other changes you might need to make - and be aware that most of the config examples and assistance that you find out there on Google (as well as on this site) is referring to 2.2.

Best Answer

Related Solutions

Apache .htaccess set base for absolute path

Apache – Client Denied by Server Configuration Despite Allowing Access

Related Topic