
Servers behind load balancer - need to allow access based on X-Forwarded-For

Posted on 2014-08-06
Last Modified: 2014-08-15
I have multiple servers behind a load balancer, and I am trying to deny access to certain files unless you come from our building's IP address. I have tried a number of different things but I cannot seem to make this work. The servers are Rackspace Cloud Servers behind a Rackspace Load Balancer. I am using .htaccess for the sites and have tried the following.

<Files myfile.php>
Order Allow,Deny
Deny from all
SetEnvIF X-Forwarded-For "x.x.x.x" AllowIP
SetEnvIF X-Forwarded-For "y.y.y.y" AllowIP
Allow from env=AllowIP
</Files>



So I guess the question has a couple of parts

1. Is the above the right way to do this?
2. Since it isn't working (I get denied as well as everyone else), how do I tell if X-Forwarded-For is being set and see what format it is in?
3. If the above isn't the right way to do this, what is?

Thanks for your help
Question by:jrm213jrm213
 
LVL 29

Expert Comment

by:fibo
ID: 40248349
I would rather change your code to
<Files myfile.php>
Order Allow,Deny
Deny from all
Allow from x.x.x.x y.y.y.y
</Files>


which would grant access from IPs x.x.x.x y.y.y.y and disallow from others

This has probably no effect on your expected balancing though
0
 
LVL 2

Accepted Solution

by:
Richard R earned 2000 total points
ID: 40260758
You can try something like this:

Deny from All
SetEnvIF X-Forwarded-For "1.2.3.4" AllowIP
Allow from env=AllowIP
Allow from 1.2.3.4



If you only have a file to protect, you can put this inside that file or inside an include.
<?php
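// Address reported by the load balancer; empty string if the header is absent.
$INCOMING = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$ALLOWED = "1.2.3.4";
// Deny unless the header value is exactly the allowed address.
if ($INCOMING != $ALLOWED)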
{
	echo "Access denied!";
	exit;
}
?>



If this doesn't work, make sure that your X-Forwarded-For header is correct, with the expected IP address.

Hope this helps!
0
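An added example (not code from any poster in this thread) of the PHP check with the header parsed as a list: X-Forwarded-For can carry several comma-separated addresses, so this version acts only on the entry appended by the load balancer and ignores the header when the request did not arrive through it. The load balancer address 10.0.0.5, the function names and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example. All addresses and names below are constructed placeholders.
$TRUSTED_PROXIES = array('10.0.0.5');           // hypothetical load balancer address
$ALLOWED         = array('1.2.3.4', '2.3.4.5'); // office addresses, as in the thread

/**
 * Return the client address to base the access decision on, or null.
 * X-Forwarded-For may hold a list ("client, proxy1, proxy2"); only the entry
 * appended by our own load balancer (the right-most one) is trustworthy.
 */
function xff_client_ip($remoteAddr, $xff, array $trustedProxies)
{
    // Request did not come through our load balancer: ignore the header.
    if (!in_array($remoteAddr, $trustedProxies, true)) {
        return $remoteAddr;
    }
    $hops = array_map('trim', explode(',', (string) $xff));
    // Walk right to left, skipping entries that are our own proxies.
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (filter_var($hops[$i], FILTER_VALIDATE_IP) === false) {
            return null;   // missing or malformed entry: fail closed
        }
        if (!in_array($hops[$i], $trustedProxies, true)) {
            return $hops[$i];
        }
    }
    return null;           // only proxy addresses were listed
}

function is_allowed($remoteAddr, $xff, array $trustedProxies, array $allowed)
{
    $ip = xff_client_ip($remoteAddr, $xff, $trustedProxies);
    return $ip !== null && in_array($ip, $allowed, true);
}

// Constructed samples: array(REMOTE_ADDR, X-Forwarded-For header).
// In a real page these come from $_SERVER['REMOTE_ADDR'] and
// $_SERVER['HTTP_X_FORWARDED_FOR'].
$samples = array(
    array('10.0.0.5', '1.2.3.4'),                // via LB, office address: allow
    array('10.0.0.5', '1.2.3.4, 203.0.113.50'),  // LB appended another client: deny
    array('203.0.113.50', '1.2.3.4'),            // did not come via the LB: deny
    array('10.0.0.5', null),                     // header absent: deny
);
foreach ($samples as $s) {
    $verdict = is_allowed($s[0], $s[1], $TRUSTED_PROXIES, $ALLOWED) ? 'allow' : 'deny';
    printf("%-13s %-26s %s\n", $s[0], var_export($s[1], true), $verdict);
}
```

Logging the raw header value next to REMOTE_ADDR for a few requests also shows whether the load balancer sets X-Forwarded-For and in what format.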
 
LVL 2

Expert Comment

by:Richard R
ID: 40263478
Any update on this? Did you get to test the solutions?
0
 
LVL 17

Author Comment

by:jrm213jrm213
ID: 40263568
Hi,

Sorry for the delay, I am apparently not getting notifications when people reply.

@rr100 your post works, I guess I am confused why you need the double entry. For example, if
Deny from All
SetEnvIF X-Forwarded-For "1.2.3.4" AllowIP
Allow from env=AllowIP



why do you then need to also include,
Allow from 1.2.3.4
shouldn't AllowIP be set and that handle the allow?

So to allow from multiple IPs I need to add in

Deny from All
SetEnvIF X-Forwarded-For "1.2.3.4" AllowIP
SetEnvIF X-Forwarded-For "2.3.4.5" AllowIP
SetEnvIF X-Forwarded-For "3.4.5.6" AllowIP
Allow from env=AllowIP
Allow from 1.2.3.4
Allow from 2.3.4.5
Allow from 3.4.5.6



just seems redundant so I never thought to do that.
0
 
LVL 2

Expert Comment

by:Richard R
ID: 40263800
Correct, it seems redundant; I've always used it like that. But from my point of view (without reading the documentation), we're assigning the IPs from X-Forwarded-For to AllowIP, which I guess sets each one as if they were a regular client IP. After that we are allowed to add the rules to Deny or Allow; maybe think of it as a filter/converter.
That's my guess; I would have to read up on it to find out exactly what happens behind the scenes.

Glad it works for you though.
0
