On Mon, 26 May 2008 17:22:04 -0400 "Chad Morland" <cmorland@xxxxxxxxx> wrote: > I want to lock down a certain web location by IP address using the > Allow directive. The problem is that we have an SSL terminator > sitting in front of the webserver which is basically a reverse proxy. > > When I am setting up the ACL the client IP that apache sees is that > of the proxy device. Is there a way to use x-forwarded-for headers in > the Allow/Deny directives? Not directly, but you can use a rewriterule to inspect x-forwarded-for and conditionally set an env var for Allow/Deny. Bear in mind that you lay yourself open to a client setting its own x-forwarded-for headers, unless you know the proxy strips them. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|