| | 1 | = UoL LAMP HowTo Deny Access from the Internet |
| | 2 | |
| | 3 | Tags: [[UoL LAMP Server]] [[HowTo]] |
| | 4 | |
| | 5 | == Overview |
| | 6 | |
| | 7 | [[Apache]] can allow or deny access based on IP address, but because the LAMP servers sit behind a [[Pound]] proxy server all the requests come from the same IP address. [[Pound]] puts the original IP address into an environment variable called {{{X-Forwarded-For}}}. |
| | 8 | |
| | 9 | This method was adapted from [[http://hungrygeek.holidayextras.co.uk/ops/2012/09/19/apache-deny-ip-addresses-from-x-forwarded-for-using-setenvif/|Deny IP Address using Setenvif]]. |
| | 10 | |
| | 11 | == Procedure |
| | 12 | |
| | 13 | 1. Add or replace the following lines to the {{{Directory}}} element of the application in the {{{http.conf}}} file. |
| | 14 | |
| | 15 | {{{ |
| | 16 | #!xml |
| | 17 | <Directory ... > |
| | 18 | ... |
| | 19 | SetEnvIF X-Forwarded-For "(,| |^)143\.210\.\d{1,3}\.\d{1,3}(,| |$)" AllowIP |
| | 20 | Order deny,allow |
| | 21 | Deny from all |
| | 22 | Allow from env=AllowIP |
| | 23 | ... |
| | 24 | </Directory> |
| | 25 | }}} |
| | 26 | |
| | 27 | [[BackLinks]] |
