On 8/23/06, Jignesh Badani <jbadani@xxxxxxxx> wrote:
Awesome, just trying to understand the syntax of the last SetEnvIf: SetEnvIf let_10161_in ^0$ !let_xuser_in --> If the env variable let_10161_in is "0" - meaning the request is not from 10.161, unset (make it 0?) the let_xuser_in env variable ?
Basically, yes. Although "unset" and "set to 0" are not the same thing.
And mod_rewrite for this, how ?
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-For} !^10\.161 [or]
RewriteCond %{HTTP:Cookie} !XSESSION
RewriteRule .* - [F]
By the way, you should be aware that both X-Forwarded-For and Cookie
can be faked by the browser, so they don't provide real security. In
particular, if the request already has an X-Forwarded-For header when
it passes through the proxy, the new IP address will be folded into
it. You can detect this situation by testing X-Forwarded-For for a
comma, which is the separator used for multiple IP addresses.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|