Re: [users@httpd] Is this possible ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/23/06, Jignesh Badani <jbadani@xxxxxxxx> wrote:
Awesome, just trying to understand the syntax of the last SetEnvIf:

SetEnvIf let_10161_in ^0$ !let_xuser_in

--> If the env variable let_10161_in is "0" - meaning the request is not
from 10.161, unset (make it 0?) the let_xuser_in env variable ?

Basically, yes.  Although "unset" and "set to 0" are not the same thing.


And mod_rewrite for this, how ?

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-For} !^10\.161 [or]
RewriteCond %{HTTP:Cookie} !XSESSION
RewriteRule .* - [F]

By the way, you should be aware that both X-Forwarded-For and Cookie
can be faked by the browser, so they don't provide real security.  In
particular, if the request already has an X-Forwarded-For header when
it passes through the proxy, the new IP address will be folded into
it.  You can detect this situation by testing X-Forwarded-For for a
comma, which is the separator used for multiple IP addresses.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux