How to set X-Forward-For on Apache httpd

I think you want to use X-Forwarded-For when you use a load balancer.
Because the IP address acquired by the web server becomes the IP address of the load balancer.
In this article I will show how to restrict IP using X-Forwarded-For and how to output X-Forwarded-For to the log.
Apache httpd introduced in this article is installed based on chef.

X-Forwarded-For logging

  • vim /etc/httpd/conf/httpd.conf

Create a custom log definition called "combined".

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" combined
  • vim /etc/httpd/sites-enabled/000-default

000-default is the file setting VirtualHost.
Set to use combined.

CustomLog /var/log/httpd/access_default.log combined

Restrict IP with X-Forwarded-For

The following is a setting that can reject specific IP address.

  • vim /etc/httpd/sites-enabled/000-default
<VirtualHost *:80>
    SetEnvIf X-Forwarded-For "192.168.10.101" deny_ip
    SetEnvIf X-Forwarded-For "192.168.10.102" deny_ip

        <Location />
            Order allow,deny
            Allow from all
            Deny from env=deny_ip
            ProxyPass ajp://192.168.20.100:8009/sample-app/
        </Location>

        <Location /*/test/>
            Order deny,allow
            Deny from all
            Allow from env=deny_ip
            ProxyPass ajp://192.168.20.100:8009/sample-app/
        </Location>
</VirtualHost>

Use "SetEnvIf".
You can use CIDR or regular expressions to specify your IP address.
It is also necessary to accept on 80 port.

In the "/" Location setting, we deny the specified IP.
I refuse the specified IP address after allowing all.

In the "/*/test/" Location setting, we allow the specified IP.
After denying all IP addresses, only the specified IP address is allowed.

Comments

Post a Comment

Popular posts from this blog

Detect Bluetooth LE Device with BlueZ on RaspberryPi

BlueZ is a project to control Bluetooth Device on Linux. BlueZ is also required when controlling BLE with RaspberryPi. In this article, how to install BlueZ and I tried to run a simple Python script sample with BlueZ. Versions Raspberry Pi Type B Single Board Computer 512MB Raspbian 7.8 Python 2.7 BlueZ 5.32 pybluez 0.22 Boost 1.49 Install BlueZ into RPi sudo apt-get install libdbus-1-dev libdbus-glib-1-dev libglib2.0-dev libical-dev libreadline-dev libudev-dev libusb-dev make mkdir -p work/bluetooth cd work/bluetooth wget https://www.kernel.org/pub/linux/bluetooth/bluez-5.32.tar.xz tar xvf bluez-5.32.tar.xz cd bluez-5.32 ./configure --disable-systemd --enable-library make sudo make install Manually install commands that are not installed by make. sudo cp attrib/gatttool /usr/local/bin/ sudo cp -ipr lib/ /usr/include/bluetooth.5.32 cd /usr/include sudo mv bluetooth bluetooth.4.99 sudo ln -s bluetooth.5.32/ bluetooth Detecting test with hcitool
Read more

What I did until many slimes spawn on slime chunk

What I did Waiting place and not to spawn mods Create Multi layers Sprinkling is the most difficult About timing when slime spawns Once Despawn A sure way Build slime farm trap tower Conclusion What I did First I found a slime chunk using Slime Finder . This is the basic in the basics. Dig into Y=40 heights in the slime chunk found. From there continue to create a space of height 3 until it hit the ground. Fills a range of 128 squares from the slime chunk with torches. Wait at least 28 blocks and not more than 128 blocks from the slime chunk. The above is the basis of how to spawn slime. But I did not spawn a lot of slime with just the above. So I repeated a lot of trial and error. Waiting place and not to spawn mods Once you have created a layer, you have to wait in the range from 28 to 128 blocks from there. And mods must not to be spawned against X axis, Y axis Z axis within 128 blocks from this waiting place. You must make the range of 128 block
Read more

Major Maven goals

Maven is a project management tool. It has many goals which can build and deploy your projects. This article introduces about how to use goals with sample commnds. Generate project Goals mvn compile mvn test-compile mvn test mvn package mvn clean mvn install mvn site mvn idea:idea mvn eclipse:eclipse Plugins mvn jar:jar mvn war:war Tips Generate project First, you must generate test project. mvn archetype:generate -DarchetypeGroupId=org.apache.maven.archetypes -DgroupId=com.mycompany.app -DartifactId=my-app This command with those parameters will be able to generate a project. The archetypeGroupId parameter shuld be specifiled a package prepared by maven. You can also create original archetypeGroupId by myself. The groupId shuld be specified a name of package you like. The artifactId shuld be specified a name of project you like. Executing this command, you have to input any parameter to generate project. Choose a number or apply fil
Read more