= UoL LAMP HowTo Deny Access from the Internet

Tags: [[UoL LAMP Server]] [[HowTo]]

== Overview

[[Apache]] can allow or deny access based on IP address, but because the LAMP servers sit behind a [[Pound]] proxy server all the requests come from the same IP address.  [[Pound]] puts the original IP address into an environment variable called {{{X-Forwarded-For}}}.

This method was adapted from [[http://hungrygeek.holidayextras.co.uk/ops/2012/09/19/apache-deny-ip-addresses-from-x-forwarded-for-using-setenvif/|Deny IP Address using Setenvif]].

== Procedure

1. Add or replace the following lines to the {{{Directory}}} element of the application in the {{{http.conf}}} file.

{{{
#!xml
<Directory ... >
    ...
    SetEnvIF X-Forwarded-For "(,| |^)143\.210\.\d{1,3}\.\d{1,3}(,| |$)" AllowIP
    Order deny,allow
    Deny from all
    Allow from env=AllowIP
    ...
</Directory>
}}}
2. Restart apache

[[BackLinks]]