Re: [users@httpd] mod_proxy, mod_authz_host and .htaccess

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/13/06, Emmanuel.Leguy <Emmanuel.Leguy@xxxxxxx> wrote:
Hello,

Config:
- Reverse proxy server: solaris 9, apache 2.2
- Proxied server: solaris 9, apache 2.2

Requests to userdir are reverse proxied:

http://www.real.fr/~login -> http://www.priv/~login

Some users use a .htaccess file with order, allow and deny directives:

order deny,allow
deny from all
allow from ipaddresses

but all requests to www.priv are send from only one address: the
www.real.fr's one (reverse proxy server). So the deny/allow directives
have this binary effect:
- if www.real.fr's ip address is in ipaddresses, requests are allways ok
- if www.real.fr's ip address is not in ipaddresses, request are allways
blocked.
Is there a way that the request appear to be sent by the end client and
not the reverse proxy server?

Not easily.  You could tell your users to use SetEnvIf to test the
X-Forwarded-For header, which contains the real IP address.  But this
is much more complicated.

You could also take a look at mod_extract_forwarded (google for it).
It was designed for 2.0, but I bet it would work for 2.2.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux