When it comes to restrict your website, there are many ways to achieve that and one of the simplest methods is with your htaccess file. But it can be a little bit tricky when you’re in a cloud environment such as the Amazon Cloud and you are using the Elastic Load Balancer.
Normally you would put something like below to allow for two IP address
Normally you would put something like below to allow for two IP address
That works great as long as you don’t sit behind a load balancer, then the system will always think you are coming from the load balancers IP which we don’t want to block. Apache stores the client IP in an environment variable called X-FORWARDED-FOR, here’s an example to allow for the same IP addresses as above.
If you want to do the opposite and block just use “Deny from env=AllowIP”
There is also a second option with mod_rpaf which can alter the header and put the X-FORWARDED-FOR value in the Client IP.
Also be careful when using PHP and checking against remote IP, $_SERVER['REMOTE_ADDR'], in this case that will contain the load balancers IP. To get the real value try and use
$_SERVER['HTTP_X_FORWARDED_FOR'] instead.
$_SERVER['HTTP_X_FORWARDED_FOR'] instead.
沒有留言:
張貼留言
歡迎熱愛 Puzzle and Dragons 的玩家一起上來討論及研究各種降臨打法。
進擊的 Puzzle and Dragons Facebook 專頁現已開幕 ~ 歡迎大家上去追查各種新舊貼。 Enjoy your Puzzle and Dragons