On 8/23/06, Jignesh Badani <jbadani@xxxxxxxx> wrote:
Awesome, just trying to understand the syntax of the last SetEnvIf: SetEnvIf let_10161_in ^0$ !let_xuser_in --> If the env variable let_10161_in is "0" - meaning the request is not from 10.161, unset (make it 0?) the let_xuser_in env variable ?
Basically, yes. Although "unset" and "set to 0" are not the same thing.
And mod_rewrite for this, how ?
RewriteEngine On RewriteCond %{HTTP:X-Forwarded-For} !^10\.161 [or] RewriteCond %{HTTP:Cookie} !XSESSION RewriteRule .* - [F] By the way, you should be aware that both X-Forwarded-For and Cookie can be faked by the browser, so they don't provide real security. In particular, if the request already has an X-Forwarded-For header when it passes through the proxy, the new IP address will be folded into it. You can detect this situation by testing X-Forwarded-For for a comma, which is the separator used for multiple IP addresses. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx