Hi, On Fri, Apr 24, 2020 at 10:49 PM bapt x <baptx...@gmail.com> wrote: > > Is there a way to have the same functionality as the directive > DenyAllButCloudflare from mod_cloudflare when using mod_remoteip? > I would like to block access to users who try to bypass Cloudflare reverse > proxy (e.g. accessing my web server directly by guessing the IP address). It > looks like iptables is not a solution since I still want to host some > websites without Cloudflare.
I did not try, but possibly a mix of mod_remoteip and mod_rewrite like this: RemoteIPHeader CF-Connecting-IP RemoteIPTrustedProxyList /path/to/proxies.list RewriteEngine on RewriteCond expr "%{REMOTE_ADDR} != %{CONN_REMOTE_ADDR}" RewriteRule ^ - [F] With "proxies.list" containing the same list as mod_cloudflare's ([1]). Hth, Yann. [1] https://github.com/cloudflare/mod_cloudflare/blob/master/mod_cloudflare.c#L44 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org