Re: Only allow reverse proxy traffic with mod

Re: Only allow reverse proxy traffic with mod_remoteip

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: users@xxxxxxxxxxxxxxxx

Subject: Re: Only allow reverse proxy traffic with mod_remoteip

From: baptx <baptx.is@xxxxxxxxx>

Date: Sun, 26 Apr 2020 10:39:10 +0200

In-reply-to: <CAE1ook2SSAys=gHGa=ROjfbCqZqsJ5Jc9T+yrXeMBNNF0L13rQ@mail.gmail.com>

Reply-to: users@xxxxxxxxxxxxxxxx

Is there a way to display an error with a different message than the 403 Forbidden page configured with "ErrorDocument 403"?

This would improve the privacy, otherwise if a website displays a 403 error on an admin login page restricted by IP address, someone trying to bypass the reverse proxy will see the same error page and could know that a domain name is used on the IP address.

On Sat, 25 Apr 2020 at 18:16, baptx <baptx.is@xxxxxxxxx> wrote:

It worked when using Require in a location, thanks!

On Sat, 25 Apr 2020 at 13:41, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
On Sat, Apr 25, 2020 at 1:24 PM baptx <baptx.is@xxxxxxxxx> wrote:
>
> @Yann: About your last reply suggesting Require expr "%{REMOTE_ADDR} != %{CONN_REMOTE_ADDR}":
> I want to restrict access on some virtualhosts only because I want to use some domain names without Cloudflare.
> It looks like your previous solution with mod_rewrite is better in my case, since Require does not work in virtualhosts (I got the error: "Require not allowed in <VirtualHost> context").

Ah yes, correct, it should be enclosed in a location like:

<VirtualHost ...>
...
RemoteIP...
<Location "/">
Require expr "%{REMOTE_ADDR} != %{CONN_REMOTE_ADDR}"
</Location>
...
</VirtualHost>

>>>
>>> Thanks Yann, it worked.

Great!

Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx