Join Log in
Score:0
r.cam avatar Server

Site says forbidden even though user IP address is whitelisted when using the site's IP address in the URL

la flag
r.cam

The site uses a load balancer and I have the following settings in my Apache conf.d:

<VirtualHost *:80>
  ServerName mysite.com
  ServerAlias www.testsite.org

  DocumentRoot /var/www/html/server/public

  ErrorLog /var/log/httpd/testsite.log

  <Directory /var/www/html/server/public>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
  </Directory>

  <Location "/admin/login">
    Deny from all
    SetEnvIf X-Forwarded-For ^123\.123\.123\.123 AllowIP

    Allow from env=AllowIP
    Satisfy all
  </Location>
</VirtualHost>

When I go to the site using http://testsite.org/admin/login while using a VPN(123.123.123.123), it's fine no problem. But when I use the site's IP address, http://111.111.111.111/admin/login, I get a 403 forbidden. What could be causing the issue? There is a specification where I need to use the site's IP address in the URL for monitoring purposes.

Edit: However if I go to http://111.111.111.111/search it also works fine.

27
0 + 4
Romeo Ninov avatar
in flag
Romeo Ninov
WHen you use IP apache use default host config, not a virtual host you define.
0
Reply
r.cam avatar
la flag
r.cam
Thanks for the reply @RomeoNinov. So I should add a <Location> directive and SetEnvIf X-Forwarded-For ^123\.123\.123\.123 AllowIP inside the default host config?
0
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
Instead of adding various tricks into configuration, just don't access your web server using IP. This is long time (20+ years, since Host header widespread) discouraged. Use names.
1
Reply
ezra-s avatar
ru flag
ezra-s
Do not use "Allow/Deny, Satisfy"directives, they are from 2.2 version. Use "Require env" instead, and only that if that's the only elements you want to allow.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.