2 Answers
- Newest
- Most votes
- Most comments
0
Hello.
By configuring the settings as shown below, a specific global IP address can pass basic authentication.
Please enter the IP address in the "aaa" part without changing the escaped part.
For example, if you want to allow the IP address "1.1.1.1", set "SetEnvIf X-Forwarded-For "1\.1\.1\.1.*" allowed_ip".
SetEnvIf User-Agent "^ELB-HealthChecker.*$" healthcheck
SetEnvIf X-Forwarded-For "1\.1\.1\.1.*" allowed_ip
SetEnvIf X-Forwarded-For "aaa\.aaa\.aaa\.aaa.*" allowed_ip
SetEnvIf X-Forwarded-For "bbb\.bbb\.bbb\.bbb.*" allowed_ip
<RequireAny>
AuthUserFile /etc/httpd/htpasswd
AuthName "Please enter your ID and password"
AuthType Basic
Require env healthcheck allowed_ip
Require valid-user
</RequireAny>
<Files ~ "^\.(htaccess|htpasswd)$">
Require all denied
</Files>
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated a year ago
Did you restart Apache after changing the settings? Also, make sure that "X-Forwarded-For" is set to "Append" in the ALB settings.
Thank you for your help, Could you please explain this "Require env healthcheck allowed_ip", eg: where env come from. Also the same variable "allowed_ip" can be used for multi IPs (eg: 1.1.1.1, aaa.aaa.aaa. and bbb.bbb.bbb)??? Thanks, again
"Require env" is set to allow the conditions of the set environment variables. For example, in this case, "healthcheck" and "allowed_ip" are environment variables. https://httpd.apache.org/docs/2.4/ja/mod/mod_authz_core.html#require
Yes, you can set multiple IP addresses.