En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

How to restricted IP to access my web server that behind a AWS LB

0

Hello, I have an Apache webserver behind a AWS Application LB. As it is only a staging server so would like to have the restricted access as:

  1. **Only some IP addresses are allowed. **
  2. **Username/password in a httpassword file **

If visitors' IPs are out of the IP range (1), username and password will be required.

I already defined these restrictions in Apache config for my server. However, it seems that the config for IP address allowed does not work as I still have to enter username/password even I access from an allowed IP address (and also have the header of X-Forwarded-For in the request)

Note: I already follow the instruction https://docs.aws.amazon.com/elasticloadbalancing/latest/application/x-forwarded-headers.html. For X-Forwarded-For header radio button, I already selected Append or Preserve, both ways did not work

Many thanks

Sujets
Calcul
Balises
Amazon EC2
Langue
English
son
demandé il y a 7 mois307 vues
2 réponses
0
Réponse acceptée

Hello.

By configuring the settings as shown below, a specific global IP address can pass basic authentication.
Please enter the IP address in the "aaa" part without changing the escaped part.
For example, if you want to allow the IP address "1.1.1.1", set "SetEnvIf X-Forwarded-For "1\.1\.1\.1.*" allowed_ip".

SetEnvIf User-Agent "^ELB-HealthChecker.*$" healthcheck
SetEnvIf X-Forwarded-For "1\.1\.1\.1.*" allowed_ip
SetEnvIf X-Forwarded-For "aaa\.aaa\.aaa\.aaa.*" allowed_ip
SetEnvIf X-Forwarded-For "bbb\.bbb\.bbb\.bbb.*" allowed_ip

<RequireAny>
    AuthUserFile /etc/httpd/htpasswd
    AuthName "Please enter your ID and password"
    AuthType Basic

    Require env healthcheck allowed_ip
    Require valid-user
</RequireAny>

<Files ~ "^\.(htaccess|htpasswd)$">
    Require all denied
</Files>
profile picture
EXPERT
Riku_Kobayashi
répondu il y a 7 mois
profile picture
EXPERT
Gary Mclean
vérifié il y a 2 mois
  • Riku_Kobayashi EXPERT
    il y a 7 mois

    Did you restart Apache after changing the settings? Also, make sure that "X-Forwarded-For" is set to "Append" in the ALB settings.

    sudo systemctl restart httpd
  • son
    il y a 7 mois

    Thank you for your help, Could you please explain this "Require env healthcheck allowed_ip", eg: where env come from. Also the same variable "allowed_ip" can be used for multi IPs (eg: 1.1.1.1, aaa.aaa.aaa. and bbb.bbb.bbb)??? Thanks, again

  • Riku_Kobayashi EXPERT
    il y a 7 mois

    Could you please explain this "Require env healthcheck allowed_ip", eg: where env come from.

    "Require env" is set to allow the conditions of the set environment variables. For example, in this case, "healthcheck" and "allowed_ip" are environment variables. https://httpd.apache.org/docs/2.4/ja/mod/mod_authz_core.html#require

    Also the same variable "allowed_ip" can be used for multi IPs (eg: 1.1.1.1, aaa.aaa.aaa. and bbb.bbb.bbb)???

    Yes, you can set multiple IP addresses.

0

It works correctly with Riku_Kobayashi's answer

son
répondu il y a 7 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents