RewriteCond 不允许我的IP地址通过

huangapple go评论52阅读模式
英文:

RewriteCond doesn't let my IP address through

问题

我想将对我的开发站点的访问限制为仅允许我的IP地址(例如 123.123.123.123)。

我在我的.htaccess文件中有以下内容。然而,我仍然被重定向到/dev_site_notice.html

我是否正确指定了这个?

SetEnvIf X-Forwarded-Proto https HTTPS=on
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteCond %{REQUEST_URI} !/dev_site_notice.html$ [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]
RewriteRule .* /dev_site_notice.html [R=302,L]
英文:

I want to restrict access to my dev site to just my IP address. (eg 123.123.123.123)

I have the following in my .htaccess file. However I still get redirected to /dev_site_notice.html.

Am I specifying this correctly?

SetEnvIf X-Forwarded-Proto https HTTPS=on
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteCond %{REQUEST_URI} !/dev_site_notice.html$ [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]
RewriteRule .* /dev_site_notice.html [R=302,L]

答案1

得分: 2

SetEnvIf X-Forwarded-Proto https HTTPS=on
RewriteCond %{REMOTE_ADDR} !^123.123.123.123

如果您在SetEnvIf指令中检查X-Forwarded-Proto头部,那么这意味着您位于代理服务器后面(否则应该移除此指令)。如果是这种情况,REMOTE_ADDR服务器变量将是代理的IP地址,而不是客户端的IP地址。

只有当您位于代理服务器后面时,才应该检查X-Forwarded-For HTTP请求头。例如:

RewriteCond %{HTTP:X-Forwarded-For} !^123\.123\.123\.123($|\D)

请注意,X-Forwarded-For头部可能包含多个(逗号分隔的)IP地址,这取决于请求是否经过多个代理。客户端IP通常在最左边,但您可能需要与代理确认这一点。因此,正则表达式不应以$结尾(与您的原始正则表达式无关),而应以($|\D)结尾(字符串结尾或非数字字符)。

X-Forwarded-For头部是事实上的标准,但它在代理之间可能有所不同。当请求经过代理时,代理服务器会设置此头部。

英文:

> SetEnvIf X-Forwarded-Proto https HTTPS=on
> RewriteCond %{REMOTE_ADDR} !^123.123.123.123

If you are checking for the X-Forwarded-Proto header in the SetEnvIf directive then it implies you are behind a proxy server (otherwise this directive should be removed). If this is the case then the REMOTE_ADDR server variable is the IP address of the proxy, not the client IP address.

If (and only if) you are behind a proxy then you should be checking the X-Forwarded-For HTTP request header instead. For example:

RewriteCond %{HTTP:X-Forwarded-For} !^123\.123\.123\.123($|\D)

Note that the X-Forwarded-For header can contain multiple (comma-separated) IP addresses, depending on whether the request has gone through several proxies. The client-IP is usually first (left-most), but you may need to confirm this with the proxy. For this reason, the regex should not end with $ (not that your original regex did anyway), but rather ($|\D) (end-of-string OR not a digit).

The X-Forwarded-For header is the defacto standard, but it can vary from proxy to proxy. It is the proxy server that sets this header, when the request passes through.

huangapple
  • 本文由 发表于 2023年2月14日 07:34:23
  • 转载请务必保留本文链接:https://go.coder-hub.com/75442152.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定