System: RHEL 7 Synopsis: My site is behind an F5 load balancer. Apache sees all requests coming from 10.10.84.8. The F5 sends the X-Forwarded-For header containing the actual client IP address. I need to attempt Kerberos auth for the entire site (<Location />)
for internal (X-Forwarded-For header is 10.0.0.0/8) users. This is working just fine. Apache should not even attempt Kerberos for external (X-Forwarded-For header is anything but 10.0.0.0/8) users. It _can_ attempt it as long as the user does not see
indication that Kerberos auth failed (which it always will for external users). Instead, the external user should be redirected to /user/login where a form awaits for authentication. I’ve tried many combinations of RemoteIPHeader, Require all granted, Require valid-user, Satisfy any. I need some direction on how to handle this. Thank you in advance.
This electronic mail and any attached documents are intended solely for the named addressee(s) and contain confidential information. If you are not an addressee, or responsible for delivering this email to an addressee, you have received this email in error and are notified that reading, copying, or disclosing this email is prohibited. If you received this email in error, immediately reply to the sender and delete the message completely from your computer system. |