Hi,
On Fri, Apr 24, 2020 at 10:49 PM bapt x <[email protected]> wrote:
>
> Is there a way to have the same functionality as the directive
> DenyAllButCloudflare from mod_cloudflare when using mod_remoteip?
> I would like to block access to users who try to bypass Cloudflare reverse
> proxy (e.g. accessing my web server directly by guessing the IP address). It
> looks like iptables is not a solution since I still want to host some
> websites without Cloudflare.
I did not try, but possibly a mix of mod_remoteip and mod_rewrite like this:
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxyList /path/to/proxies.list
RewriteEngine on
RewriteCond expr "%{REMOTE_ADDR} != %{CONN_REMOTE_ADDR}"
RewriteRule ^ - [F]
With "proxies.list" containing the same list as mod_cloudflare's ([1]).
Hth,
Yann.
[1]
https://github.com/cloudflare/mod_cloudflare/blob/master/mod_cloudflare.c#L44
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
