For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

stolivar_88319's avatar
stolivar_88319
Icon for Nimbostratus rankNimbostratus
Feb 11, 2009

.htaccess no longer denying pages to non specified IP addresses

Seems i have ran into another problem. Websites that have .htaccess files in directories that restrict viewing a page if you don't match an IP isn't working anymore.     my .htaccess look...
config
design
stolivar_88319's avatar
stolivar_88319
Icon for Nimbostratus rankNimbostratus
Feb 13, 2009
I haven't head back from my network guys yet.

 

 

I did find this at http://www.it.emory.edu/showdoc.cfm?docid=11252&fr=1092

 

Apache Notes

 

 

Because of a quirk of our load balancer configuration, all incoming requests seem to come from the load balancer's IP address. If you want to restrict access to content based on source IP address in a .htaccess file, something like this will not work:

 

 

deny from all

 

allow from 170.140.0.0/16 163.246.0.0/16

 

 

Instead, use mod_rewrite to inspect the X-Forwarded-For header:

 

 

RewriteEngine on

 

RewriteCond %{HTTP:X-Forwarded-For} "!(170\.140|163\.246)\.[0-9]{1,3}\.[0-9]{1,3}$"

 

RewriteRule .* - [F]

 

 

 

But I can't get it to work when I change the condition to my IPs, just blocks everything.