AFA Med

Asked: 2022-01-31 13:12:31 +0800 CST2022-01-31 13:12:31 +0800 CST 2022-01-31 13:12:31 +0800 CST

How to get HTTP_X_FORWARDED_FOR in Apache config files

I have a protected admin area that is only accessible for my IP. However, I am using a proxy that has a lot of IPs. It's not practical to whitelist all its list of IPs.

The proxy sends the HTTP_X_FORWARDED_FOR header that contains the real IP.

I can get that information in PHP with $_SERVER['HTTP_X_FORWARDED_FOR'].

My objective is to whitelist that IP contained in "HTTP_X_FORWARDED_FOR" if it equals my own IP.

Here’s the code I want to set in my Apache config file:

# The value is hardcoded and will be edited if my real IP is changed.
DEFINE myRealIp "XXX.XXX.XXX.XXX"

# That's what I am looking for.
DEFINE originIpFromProxy variable_method_to_get_that_value

<LocationMatch "/admin/">
    Order deny,allow
    Deny from all

    <If "'${originIpFromProxy}' == '${myRealIp}'">
        Allow from ${originIpFromProxy}
    </If>
</LocationMatch>

There's also a problem, the header HTTP_X_FORWARDED_FOR may contain many IPs separated with commas.

How to get HTTP_X_FORWARDED_FOR in Apache config files

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

How to get HTTP_X_FORWARDED_FOR in Apache config files

0 Answers