Wednesday, September 23, 2015

Block Access to Files by IP using X-Forwarded-For - part 2

In my previous post, I explained how to block access by using X-Forwarded-For. While this works very well in many cases, there are situations where it doesn't do as good a job.

I needed to block a group of IP addresses from multiple VirtualHost entries, and found that this could be achieved using rewrite rules.

Here is an example:

# Block two individual addresses seen in X-Forwarded-For.
# The conditions are joined with [OR]; '.' is escaped so it matches a literal dot.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-For} ^10\.10\.10\.11$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^10\.10\.10\.12$
RewriteRule .* - [F]
A range can be defined by anchoring only the prefix, here everything in 10.10.0.0/16:

# Match any address that starts with 10.10. (no trailing '$', so the rest of the address is free).
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-For} ^10\.10\.
RewriteRule .* - [F]
Etc...

--

This code went into a file I named /etc/httpd/conf/block.conf (a CentOS-specific location).

The file was then included into each and every VirtualHost entry, for example:

<VirtualHost *:80>
    # Pull in the shared block rules before anything else in this host.
    Include /etc/httpd/conf/block.conf
    ServerName www.mysite1.com
    DocumentRoot /var/www/html/http/mysite1
</VirtualHost>

<VirtualHost *:80>
    Include /etc/httpd/conf/block.conf
    ServerName www.mysite2.com
    DocumentRoot /var/www/html/http/mysite2
</VirtualHost>
Etc...
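To see what those RewriteCond patterns actually match, here is an added Python example (not from the original post and not Apache code) that applies the same patterns the way mod_rewrite does, against the whole X-Forwarded-For value, and beside it a version that first decides which address in the header can be believed. The trusted proxy range, the addresses and the requests are constructed for the example, and it assumes Python's re treats these simple patterns the same way PCRE does.

```python
import re
from ipaddress import ip_address, ip_network

# Patterns written the way the RewriteCond lines above write them. mod_rewrite
# uses PCRE; this example assumes Python's re agrees on patterns this simple.
EXACT_HOSTS = [r"^10\.10\.10\.11$", r"^10\.10\.10\.12$"]  # two hosts joined by [OR]
WHOLE_RANGE = [r"^10\.10\."]                              # everything in 10.10.0.0/16

# Constructed: the only peers whose X-Forwarded-For we are willing to believe.
TRUSTED_PROXIES = [ip_network("192.0.2.0/24")]


def rewritecond_blocks(header_value, patterns):
    """Emulate RewriteCond lines joined with [OR]: one hit and RewriteRule answers [F].
    Like %{HTTP:X-Forwarded-For} this sees the whole header value, commas included."""
    return any(re.search(p, header_value) for p in patterns)


def client_ip(remote_addr, xff=""):
    """Address the block rules should actually be tested against.

    Any client can send X-Forwarded-For, so it only means something when the TCP
    peer is one of our own proxies. A trusted proxy appends the address it saw,
    so the rightmost entry is the one it vouches for; anything further left
    arrived inside the request and is untrusted."""
    if xff and any(ip_address(remote_addr) in net for net in TRUSTED_PROXIES):
        return xff.split(",")[-1].strip()
    return remote_addr


def should_block(remote_addr, xff, patterns):
    """Apply the page's patterns to the vetted client address, not the raw header."""
    return rewritecond_blocks(client_ip(remote_addr, xff), patterns)


if __name__ == "__main__":
    # Constructed requests as (TCP peer, X-Forwarded-For value received).
    via_proxy = ("192.0.2.10", "10.10.10.11")               # our proxy appended the client
    chained   = ("192.0.2.10", "10.10.10.11, 10.10.20.5")   # another proxy sat in between
    forged    = ("10.10.10.11", "203.0.113.7")              # blocked host connects directly
    print(rewritecond_blocks(chained[1], EXACT_HOSTS))      # False: '$' stops at the comma
    print(rewritecond_blocks(forged[1], EXACT_HOSTS))       # False: raw header is whatever was sent
    print(should_block(*via_proxy, EXACT_HOSTS))            # True
    print(should_block(*chained, WHOLE_RANGE))              # True: 10.10.20.5 is in 10.10.0.0/16
    print(should_block(*forged, EXACT_HOSTS))               # True: peer checked, header ignored
```

In Apache terms the same vetting means letting only your own proxies reach the server (or using mod_remoteip with a RemoteIPTrustedProxy list) before a rule like the one above is allowed to believe the header.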
