Re: Deny by IP address unsuccessful

On 4/29/2013 2:11 PM, Angela Barone wrote:
On Apr 27, 2013, at 2:25 PM, Jim Albert wrote:
Is your .htaccess at the proper directory level with the resource you
want to block?

If there are .htaccess files at sublevels that could be your problem.

Is .htaccess readable by your apache user?

Is Apache configured for AllowOverride with at minimum Limit at the
appropriate level?

Hi Jim,

All excellent points, but everything is in order.

I may have stumbled upon something.   Our ISP has CloudFlare turned on
for this domain and, after a lot of searching, it appears that
CloudFlare changes the IP address of the visitor (I may not be wording
that correctly).  Using a PHP script, HTTP_X_FORWARDED_FOR gives me my
proper IP address while REMOTE_ADDR is blank.  Unfortunately, I still
can't block myself.  I've tried:

RewriteCond %{HTTP_X_FORWARDED_FOR} !!=69.163.150.25
RewriteCond %{HTTP_X_FORWARDED_FOR} ^69\.163\.150\.25$
RewriteCond %{REMOTE_ADDR} !!=69.163.150.25
RewriteCond %{REMOTE_ADDR} ^69\.163\.150\.25$

Am I going about this all wrong?

Thanks again,
Angela


It sounds like you are saying your ISP is providing you with a reverse proxy for your web server.

If so, these pages might be helpful:
https://freistil.zendesk.com/entries/21852711-How-can-I-restrict-IP-addresses-in-htaccess-with-the-reverse-proxy-in-front-
http://serverfault.com/questions/235648/apache-use-x-forwarded-for-for-allow
http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html#setenvif

That's not exactly what you would want to do, but possibly something along those examples except you want to deny.

The idea is you set an environment variable based on some condition you are checking on... in your case another environment variable and then deny based on that env being set.

You should check with your ISP to confirm the environment variable in which they are supplying the real client's IP address unless you are convinced it is HTTP_X_FORWARDED_FOR.

I'm making some assumptions here so maybe check with your ISP if those suggestions make sense for your environment.

Jim
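
The approach described in the reply above (set an environment variable from the forwarded header, then deny on that variable), written out as an added example that is not part of the original thread. It assumes Apache 2.2 with mod_setenvif, AllowOverride covering FileInfo and Limit, and that the proxy supplies the client address in X-Forwarded-For; the variable name deny_client is made up for the illustration.

```apache
# .htaccess for Apache 2.2 behind a reverse proxy (added example).
#
# Behind the proxy, REMOTE_ADDR is the proxy's address, so a plain
# "Deny from 69.163.150.25" never matches a proxied visitor.
# The proxy passes the visitor's address in a request header instead.
# ASSUMPTION: that header is X-Forwarded-For; confirm with the provider.

# X-Forwarded-For can hold a comma-separated list ("client, proxy1, ...").
# Match the address as one complete list element, not as a substring,
# so that 169.163.150.25 or 69.163.150.250 do not match by accident.
# deny_client is a hypothetical variable name chosen for this example.
SetEnvIf X-Forwarded-For "(^|,\s*)69\.163\.150\.25(\s*,|$)" deny_client

# Allow is evaluated first, then Deny; a request matching both is denied.
Order Allow,Deny
Allow from all

# Proxied requests: deny when the header carried the blocked address.
Deny from env=deny_client

# Direct requests that reach the origin without the proxy carry no
# trustworthy header, but REMOTE_ADDR is then the real client address.
Deny from 69.163.150.25
```

The header is supplied by whoever connects to the server, so the header-based rule is only dependable when the origin accepts traffic solely from the proxy.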
