
Apache2 Blacklist ip based on x-forwarded-for header in virtualhost


I'm behind Cloudflare DNS and I'm trying to block specific client IPs that spam my website. I understood that I can achieve this by adding a SetEnvIf rule inside my VirtualHost config that denies the request when the blacklisted IP is in the X-Forwarded-For header, so I tried to do that.

The VirtualHost config now looks like this:

<VirtualHost *:80>
    ServerName xxx
    ServerAlias xxx
    ServerAdmin xxx
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLProxyEngine on
    SetEnv proxy-initial-not-pooled 1
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass /  http://localhost:5004/
    ProxyPassReverse /  http://localhost:5004

LogFormat '"%h" "%l" "%u" "%t" "%r" "%>s" "%b" "%{X-Forwarded-For}i" "%{CF-Connecting-IP}i" ' forwardedFor
CustomLog /var/log/apache2/forwardedFor.log forwardedFor

# part that should block the spam from the ip 185.237.14.42
<Location />
    Order Allow,Deny
    SetEnvIf X-Forwarded-For ^185\.237\.14\.42 DenyAccess
    Allow from all
    Deny from env=DenyAccess
</Location>

</VirtualHost>

I've also tried targeting the CF-Connecting-IP header instead of X-Forwarded-For, since Cloudflare sets that header to indicate the client IP.

In both cases, whenever I run apache2 with the part of the configuration inside the <Location> tag, the requests from all clients are blocked with a 403 status, and the following is printed in Apache's error.log:

[Sun Feb 20 13:17:28.494348 2022] [access_compat:error] [pid 65797] [client 162.158.103.169:48030] AH01797: client denied by server configuration: proxy:http://localhost:5004/token/

So how can I successfully block only the requests coming from the IP 185.237.14.42 and not every request?
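
One way to check, from the forwardedFor log defined in the configuration above, which header would trigger a block for each request. This is an added example, not part of the original post. The sample log lines are constructed, and it assumes the first X-Forwarded-For entry may be client-supplied while CF-Connecting-IP is set by Cloudflare.

```python
import ipaddress
import re

# Fields of the question's "forwardedFor" LogFormat, in order.
FIELDS = ("host", "ident", "user", "time", "request",
          "status", "bytes", "xff", "cf_ip")
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')  # tolerates \" inside %r
BLOCKED = {ipaddress.ip_address("185.237.14.42")}  # address from the question

def parse_line(line):
    """Split one forwardedFor log line into a dict, or None if malformed."""
    values = QUOTED.findall(line)
    if len(values) != len(FIELDS):
        return None
    return dict(zip(FIELDS, values))

def to_ip(text):
    """Return an ip_address, or None for '-' or a non-address value."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def classify(entry):
    """Report which header would match the blocklist for this request."""
    by_cf = to_ip(entry["cf_ip"]) in BLOCKED
    # A pattern anchored with ^ only ever sees the first X-Forwarded-For entry.
    by_xff = to_ip(entry["xff"].split(",")[0]) in BLOCKED
    if by_cf and by_xff:
        return "blocked-by-both"
    if by_cf:
        return "blocked-by-cf-only"   # XFF starts with a different entry
    if by_xff:
        return "blocked-by-xff-only"  # leading XFF entry not confirmed by CF
    return "allowed"

# Constructed sample lines (not taken from a real log).
PREFIX = ('"162.158.103.169" "-" "-" "[20/Feb/2022:13:17:28 +0000]" '
          '"GET /token/ HTTP/1.1" "200" "512" ')
SAMPLE = [
    PREFIX + '"185.237.14.42" "185.237.14.42" ',
    PREFIX + '"203.0.113.7, 185.237.14.42" "185.237.14.42" ',
    PREFIX + '"185.237.14.42, 198.51.100.9" "198.51.100.9" ',
    PREFIX + '"198.51.100.9" "198.51.100.9" ',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(parse_line(line)))
```

The second and third sample lines show where a rule keyed on the start of X-Forwarded-For and a rule keyed on CF-Connecting-IP disagree.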
