I have a protected admin area that is only accessible for my IP. However, I am using a proxy that has a lot of IPs. It's not practical to whitelist all its list of IPs.
The proxy sends the HTTP_X_FORWARDED_FOR header that contains the real IP.
I can get that information in PHP with $_SERVER['HTTP_X_FORWARDED_FOR'].
My objective is to whitelist that IP contained in "HTTP_X_FORWARDED_FOR" if it equals my own IP.
Here’s the code I want to set in my Apache config file:
# The value is hardcoded and will be edited if my real IP is changed.
DEFINE myRealIp "XXX.XXX.XXX.XXX"
# That's what I am looking for.
DEFINE originIpFromProxy variable_method_to_get_that_value
<LocationMatch "/admin/">
Order deny,allow
Deny from all
<If "'${originIpFromProxy}' == '${myRealIp}'">
Allow from ${originIpFromProxy}
</If>
</LocationMatch>
There's also a problem, the header HTTP_X_FORWARDED_FOR may contain many IPs separated with commas.