How to set X-Forward-For on Apache httpd

I think you want to use X-Forwarded-For when you use a load balancer.
Because the IP address acquired by the web server becomes the IP address of the load balancer.
In this article I will show how to restrict IP using X-Forwarded-For and how to output X-Forwarded-For to the log.
Apache httpd introduced in this article is installed based on chef.

X-Forwarded-For logging

  • vim /etc/httpd/conf/httpd.conf

Create a custom log definition called "combined".

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" combined
  • vim /etc/httpd/sites-enabled/000-default

000-default is the file setting VirtualHost.
Set to use combined.

CustomLog /var/log/httpd/access_default.log combined

Restrict IP with X-Forwarded-For

The following is a setting that can reject specific IP address.

  • vim /etc/httpd/sites-enabled/000-default
<VirtualHost *:80>
    SetEnvIf X-Forwarded-For "192.168.10.101" deny_ip
    SetEnvIf X-Forwarded-For "192.168.10.102" deny_ip

        <Location />
            Order allow,deny
            Allow from all
            Deny from env=deny_ip
            ProxyPass ajp://192.168.20.100:8009/sample-app/
        </Location>

        <Location /*/test/>
            Order deny,allow
            Deny from all
            Allow from env=deny_ip
            ProxyPass ajp://192.168.20.100:8009/sample-app/
        </Location>
</VirtualHost>

Use "SetEnvIf".
You can use CIDR or regular expressions to specify your IP address.
It is also necessary to accept on 80 port.

In the "/" Location setting, we deny the specified IP.
I refuse the specified IP address after allowing all.

In the "/*/test/" Location setting, we allow the specified IP.
After denying all IP addresses, only the specified IP address is allowed.

Comments

Post a Comment

Popular posts from this blog

How to show different lines on WinMerge

Select from above menu bar View -> Diff Context . And you will be able to confirm parts of differents. In addition you can choose the number of previous and next lines with the difference. For example, if you select 1, you can also check one previous and next line with the difference line. Of course you can confirm only lines with differences by choosing 0.
Read more

Detect Bluetooth LE Device with BlueZ on RaspberryPi

BlueZ is a project to control Bluetooth Device on Linux. BlueZ is also required when controlling BLE with RaspberryPi. In this article, how to install BlueZ and I tried to run a simple Python script sample with BlueZ. Versions Raspberry Pi Type B Single Board Computer 512MB Raspbian 7.8 Python 2.7 BlueZ 5.32 pybluez 0.22 Boost 1.49 Install BlueZ into RPi sudo apt-get install libdbus-1-dev libdbus-glib-1-dev libglib2.0-dev libical-dev libreadline-dev libudev-dev libusb-dev make mkdir -p work/bluetooth cd work/bluetooth wget https://www.kernel.org/pub/linux/bluetooth/bluez-5.32.tar.xz tar xvf bluez-5.32.tar.xz cd bluez-5.32 ./configure --disable-systemd --enable-library make sudo make install Manually install commands that are not installed by make. sudo cp attrib/gatttool /usr/local/bin/ sudo cp -ipr lib/ /usr/include/bluetooth.5.32 cd /usr/include sudo mv bluetooth bluetooth.4.99 sudo ln -s bluetooth.5.32/ bluetooth Detecting test with hcitool ...
Read more

What I did until many slimes spawn on slime chunk

What I did Waiting place and not to spawn mods Create Multi layers Sprinkling is the most difficult About timing when slime spawns Once Despawn A sure way Build slime farm trap tower Conclusion What I did First I found a slime chunk using Slime Finder . This is the basic in the basics. Dig into Y=40 heights in the slime chunk found. From there continue to create a space of height 3 until it hit the ground. Fills a range of 128 squares from the slime chunk with torches. Wait at least 28 blocks and not more than 128 blocks from the slime chunk. The above is the basis of how to spawn slime. But I did not spawn a lot of slime with just the above. So I repeated a lot of trial and error. Waiting place and not to spawn mods Once you have created a layer, you have to wait in the range from 28 to 128 blocks from there. And mods must not to be spawned against X axis, Y axis Z axis within 128 blocks from this waiting place. You must make the range of 128 block...
Read more