Topic: Need Remote_Addr for the regex in SetEnvIf Request_URI
DanCeg
Joined: 26 Sep 2022 Posts: 2 Location: Germany
Posted: Mon 26 Sep '22 13:06 Post subject: Need Remote_Addr for the regex in SetEnvIf Request_URI
I have a folder "my_files" on my server (Apache 2.4.29 Ubuntu) that holds files with the client id as filename.
Example: my_files/92.4.56.125
Now only clients with a matching IP address should be allowed to download the corresponding file.
My approach is adding the following lines in appache2/sites-available/mydomaim.conf:
Code:
SetEnvIf Remote_Addr "(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$" IPSTR=$1
SetEnvIf Request_URI IPSTR + "$" owner_requesting
<Directory /home/server/x3d_files>
Require env owner_requesting
</Directory>
I am assembling the regex with IPSTR +"$" to check for a match. But IPSTR does not seem to be present at the time when SetEnvIf Request_URI is called.
I also checked if IPSTR is logged correctly by adding it to the header and, well it indeed holds the client ip.
So
Code:
SetEnvIf Remote_Addr "(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$" IPSTR=$1
is working as expected, but is not passed to Request_URI.
Any idea?
tangent Moderator
Joined: 16 Aug 2020 Posts: 348 Location: UK
Posted: Tue 27 Sep '22 21:53 Post subject:
I don't believe your construct in the second SetEnvIf statement is going to work, where you appear to be trying to use the newly created IPSTR variable as a match component to the trailing part of the request URI.
Accepting the main challenge is to match the current client IP to the relevant part of the request URI, I'd switch to using mod_rewrite to solve this problem, viz:
Code:
# Enable rewrite engine
#
RewriteEngine On
# Define CLIENT_IP variable from current remote address.
#
RewriteCond %{REMOTE_ADDR} '^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$'
RewriteRule .* - [E=CLIENT_IP:%1,NE]
# Check if request URI leading path is of the form /x3d_files/xxx, where xxx matches the current client IP,
# and set VALID_CLIENT_IP variable if true.
#
RewriteCond %{ENV:CLIENT_IP} '(.+)'
RewriteCond %1#%{REQUEST_URI} '^([^#]+)#/x3d_files/\1.*$'
RewriteRule .* - [E=VALID_CLIENT_IP:TRUE,NE]
# Grant access if valid client IP found.
#
<Directory "/home/server/x3d_files">
Require env VALID_CLIENT_IP
</Directory>
Check out the mod_rewrite documentation to appreciate the detailed constructs one can create with RewriteCond coupled to RewriteRule statements, https://httpd.apache.org/docs/current/mod/mod_rewrite.html.
One other thought comes to mind.
If your clients connect through a proxy, load balancer or firewall, then the chances are REMOTE_ADDR won't contain the IP you're looking for. However, well-behaved proxies should pass the connecting client IP in the X-Forwarded-For header, in which case the following revised mod_rewrite logic to get the CLIENT_IP will cope with either use case.
Code:
RewriteCond %{REMOTE_ADDR} '^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$'
RewriteRule .* - [E=X_RA:%1,NE]
RewriteCond %{HTTP:X-Forwarded-For} '([\d\.]+)([,\s]*)' [NV]
RewriteRule .* - [E=CLIENT_IP:%1,NE,S=1]
RewriteCond %{ENV:X_RA} '(.+)'
RewriteRule .* - [E=CLIENT_IP:%1,NE]
Let us know if this revised solution works for you.
DanCeg
Joined: 26 Sep 2022 Posts: 2 Location: Germany
Posted: Wed 28 Sep '22 13:06 Post subject:
Thank you very much tangent,
I appreciate your efforts.
I found a similar solution early this morning (better to say shortly after midnight).
Code:
RewriteEngine on
RewriteCond %{REMOTE_ADDR}#$1 ^([^#]+)#\1$
RewriteRule (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$ - [E=owner_requesting:%{REMOTE_ADDR}]
<Directory /home/server/x3d_files>
Require env owner_requesting
</Directory>
Nevertheless I implemented your solution to check if it's suitable too. And well, it does the job for me. I also appreciate your valuable addition regarding proxy and Load Balancer. I will implement it, the way you suggested.
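
An added example (not part of either post) that models the two posted RewriteCond checks with Python's re module, standing in for Apache's PCRE, and runs them over constructed requests to confirm that each file name is bound to exactly one client address. The function names, the sample requests and the stricter STRICT_COND pattern are assumptions introduced here; the comparison shows that the `.*` tail in the first variant also accepts a longer file name that merely begins with the client's address.

```python
import re

# Patterns copied from the two mod_rewrite variants posted in this thread.
TANGENT_COND = re.compile(r'^([^#]+)#/x3d_files/\1.*$')  # test string: CLIENT_IP#REQUEST_URI
DANCEG_RULE = re.compile(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$')  # RewriteRule pattern ($1)
DANCEG_COND = re.compile(r'^([^#]+)#\1$')                # test string: REMOTE_ADDR#$1

# Assumed stricter variant (not from the thread): after the address only the
# end of the path or a "/" may follow, so a longer file name cannot match.
STRICT_COND = re.compile(r'^([^#]+)#/x3d_files/\1(?:/.*)?$')


def tangent_allows(client_ip, uri):
    """Model of: RewriteCond %1#%{REQUEST_URI} '^([^#]+)#/x3d_files/\\1.*$'"""
    return TANGENT_COND.search(f"{client_ip}#{uri}") is not None


def danceg_allows(client_ip, uri):
    """Model of: RewriteRule captures the trailing IP, RewriteCond compares it."""
    m = DANCEG_RULE.search(uri)
    return bool(m) and DANCEG_COND.search(f"{client_ip}#{m.group(1)}") is not None


def strict_allows(client_ip, uri):
    """Model of the assumed stricter condition defined above."""
    return STRICT_COND.search(f"{client_ip}#{uri}") is not None


# Constructed requests: (client address, requested path, expected decision).
CASES = [
    ("92.4.56.125", "/x3d_files/92.4.56.125", True),   # owner fetches own file
    ("92.4.56.12", "/x3d_files/92.4.56.125", False),   # address is a prefix of the file name
    ("92.4.56.125", "/x3d_files/10.0.0.7", False),     # unrelated file
]


def mismatches(check):
    """Return the constructed cases where a check disagrees with the expected decision."""
    return [(ip, uri) for ip, uri, want in CASES if check(ip, uri) != want]


if __name__ == "__main__":
    for name, check in [("tangent", tangent_allows),
                        ("DanCeg", danceg_allows),
                        ("strict", strict_allows)]:
        print(f"{name:8} unexpected decisions: {mismatches(check)}")
```

In Apache terms, the stricter variant corresponds to ending the condition pattern with `\1(?:/.*)?$` instead of `\1.*$`.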