Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

How to restricted IP to access my web server that behind a AWS LB

0

Hello, I have an Apache webserver behind a AWS Application LB. As it is only a staging server so would like to have the restricted access as:

  1. **Only some IP addresses are allowed. **
  2. **Username/password in a httpassword file **

If visitors' IPs are out of the IP range (1), username and password will be required.

I already defined these restrictions in Apache config for my server. However, it seems that the config for IP address allowed does not work as I still have to enter username/password even I access from an allowed IP address (and also have the header of X-Forwarded-For in the request)

Note: I already follow the instruction https://docs.aws.amazon.com/elasticloadbalancing/latest/application/x-forwarded-headers.html. For X-Forwarded-For header radio button, I already selected Append or Preserve, both ways did not work

Many thanks

Temas
Cálculo
Etiquetas
Amazon EC2
Idioma
English
son
preguntada hace 7 meses308 visualizaciones
2 Respuestas
0
Respuesta aceptada

Hello.

By configuring the settings as shown below, a specific global IP address can pass basic authentication.
Please enter the IP address in the "aaa" part without changing the escaped part.
For example, if you want to allow the IP address "1.1.1.1", set "SetEnvIf X-Forwarded-For "1\.1\.1\.1.*" allowed_ip".

SetEnvIf User-Agent "^ELB-HealthChecker.*$" healthcheck
SetEnvIf X-Forwarded-For "1\.1\.1\.1.*" allowed_ip
SetEnvIf X-Forwarded-For "aaa\.aaa\.aaa\.aaa.*" allowed_ip
SetEnvIf X-Forwarded-For "bbb\.bbb\.bbb\.bbb.*" allowed_ip

<RequireAny>
    AuthUserFile /etc/httpd/htpasswd
    AuthName "Please enter your ID and password"
    AuthType Basic

    Require env healthcheck allowed_ip
    Require valid-user
</RequireAny>

<Files ~ "^\.(htaccess|htpasswd)$">
    Require all denied
</Files>
profile picture
EXPERTO
Riku_Kobayashi
respondido hace 7 meses
profile picture
EXPERTO
Gary Mclean
revisado hace 2 meses
  • Riku_Kobayashi EXPERTO
    hace 7 meses

    Did you restart Apache after changing the settings? Also, make sure that "X-Forwarded-For" is set to "Append" in the ALB settings.

    sudo systemctl restart httpd
  • son
    hace 7 meses

    Thank you for your help, Could you please explain this "Require env healthcheck allowed_ip", eg: where env come from. Also the same variable "allowed_ip" can be used for multi IPs (eg: 1.1.1.1, aaa.aaa.aaa. and bbb.bbb.bbb)??? Thanks, again

  • Riku_Kobayashi EXPERTO
    hace 7 meses

    Could you please explain this "Require env healthcheck allowed_ip", eg: where env come from.

    "Require env" is set to allow the conditions of the set environment variables. For example, in this case, "healthcheck" and "allowed_ip" are environment variables. https://httpd.apache.org/docs/2.4/ja/mod/mod_authz_core.html#require

    Also the same variable "allowed_ip" can be used for multi IPs (eg: 1.1.1.1, aaa.aaa.aaa. and bbb.bbb.bbb)???

    Yes, you can set multiple IP addresses.

0

It works correctly with Riku_Kobayashi's answer

son
respondido hace 7 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante