You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Emmanuel.Leguy" <Em...@lifl.fr> on 2006/06/13 15:48:35 UTC
[users@httpd] mod_proxy, mod_authz_host and .htaccess
Hello,
Config:
- Reverse proxy server: solaris 9, apache 2.2
- Proxied server: solaris 9, apache 2.2
Requests to userdir are reverse proxied:
http://www.real.fr/~login -> http://www.priv/~login
Some users use a .htaccess file with order, allow and deny directives:
order deny,allow
deny from all
allow from ipaddresses
but all requests to www.priv are send from only one address: the
www.real.fr's one (reverse proxy server). So the deny/allow directives
have this binary effect:
- if www.real.fr's ip address is in ipaddresses, requests are allways ok
- if www.real.fr's ip address is not in ipaddresses, request are allways
blocked.
Is there a way that the request appear to be sent by the end client and
not the reverse proxy server?
Notice: i tried the proxy directive with success but i want the users to
be able to configure it in there .htaccess.
Thank you,
Manu.
--
Emmanuel Leguy LIFL - UMR8022 CNRS - Bat M3
Tel: +33 3 28 77 85 32 USTL - Universite de Lille 1
Fax: +33 3 28 77 85 37 59655 VILLENEUVE D'ASCQ CEDEX - FRANCE
mailto:Emmanuel.Leguy@lifl.fr http://www.lifl.fr/ANNUAIRE/employee.php?login=leguye
Ce mail est signe par un certificat X509 fourni par le CNRS
La verification de ce certificat peut etre faite a l'adresse suivante:
http://igc.services.cnrs.fr/CNRS-Standard/recherche.html
Re: [users@httpd] mod_proxy, mod_authz_host and .htaccess
Posted by Joshua Slive <jo...@slive.ca>.
On 6/13/06, Emmanuel.Leguy <Em...@lifl.fr> wrote:
> Hello,
>
> Config:
> - Reverse proxy server: solaris 9, apache 2.2
> - Proxied server: solaris 9, apache 2.2
>
> Requests to userdir are reverse proxied:
>
> http://www.real.fr/~login -> http://www.priv/~login
>
> Some users use a .htaccess file with order, allow and deny directives:
>
> order deny,allow
> deny from all
> allow from ipaddresses
>
> but all requests to www.priv are send from only one address: the
> www.real.fr's one (reverse proxy server). So the deny/allow directives
> have this binary effect:
> - if www.real.fr's ip address is in ipaddresses, requests are allways ok
> - if www.real.fr's ip address is not in ipaddresses, request are allways
> blocked.
> Is there a way that the request appear to be sent by the end client and
> not the reverse proxy server?
Not easily. You could tell your users to use SetEnvIf to test the
X-Forwarded-For header, which contains the real IP address. But this
is much more complicated.
You could also take a look at mod_extract_forwarded (google for it).
It was designed for 2.0, but I bet it would work for 2.2.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org