logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Need Remote_Addr for the regex in SetEnvIf Request_URI
Author
DanCeg



Joined: 26 Sep 2022
Posts: 2
Location: Germany

PostPosted: Mon 26 Sep '22 13:06    Post subject: Need Remote_Addr for the regex in SetEnvIf Request_URI Reply with quote

I have a folder "my_files" on my server (Apache 2.4.29 Ubuntu) that holds files with the client id as filename.

Example: my_files/92.4.56.125

Now just clients with matching ip address should be allowed to download the corresponding file.

My approach is adding the following lines in appache2/sites-available/mydomaim.conf:

Code:
SetEnvIf Remote_Addr "(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$" IPSTR=$1

SetEnvIf Request_URI IPSTR + "$" owner_requesting

<Directory /home/server/x3d_files>
    Require env owner_requesting
</Directory>   


I am assembling the regex with IPSTR +"$" to check for a match. But IPSTR does not seem to be present at the time when SetEnvIf Request_URI is called.

I also checked if IPSTR is logged correctly by adding it to the header and, well it indeed holds the client ip.

So
Code:

SetEnvIf Remote_Addr "(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$" IPSTR=$1


ist working as expected, but is not passed to Request_URI.
Any idea?
Back to top
tangent
Moderator


Joined: 16 Aug 2020
Posts: 305
Location: UK

PostPosted: Tue 27 Sep '22 21:53    Post subject: Reply with quote

I don't believe your construct in the second SetEnvIf statement is going to work, where you appear to be trying to use the newly created IPSTR variable as a match component to the trailing part of the request URI.

Accepting the main challenge is to match the current client IP to the relevant part of the request URI, I'd switch to using mod_rewrite to solve this problem, viz:

Code:
# Enable rewrite engine
#
RewriteEngine On

# Define CLIENT_IP variable from current remote address.
#
RewriteCond %{REMOTE_ADDR} '^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$'
RewriteRule .* - [E=CLIENT_IP:%1,NE]

# Check if request URI leading path is of the form /x3d_files/xxx, where xxx matches the current client IP,
# and set VALID_CLIENT_IP variable if true.
#
RewriteCond %{ENV:CLIENT_IP} '(.+)'
RewriteCond %1#%{REQUEST_URI} '^([^#]+)#/x3d_files/\1.*$'
RewriteRule .* - [E=VALID_CLIENT_IP:TRUE,NE]

# Grant access if valid client IP found.
#
<Directory "/home/server/x3d_files">
    Require env VALID_CLIENT_IP
</Directory

Check out the mod_rewrite documentation to appreciate the detailed constructs one can create with RewriteCond coupled to RewriteRule statements, https://httpd.apache.org/docs/current/mod/mod_rewrite.html.

One other thought comes to mind.

If your clients connect through a proxy, load balancer or firewall, then the chances are REMOTE_ADDR won't contain the IP your looking for. However, well behaved proxies should pass the connecting client IP in the X-Forwarded-For header, in which case the following revised mod_rewrite logic to get the CLIENT_IP will cope with either use case.

Code:
RewriteCond %{REMOTE_ADDR} '^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$'
RewriteRule .* - [E=X_RA:%1,NE]

RewriteCond %{HTTP:X-Forwarded-For} '([\d\.]+)([,\s]*)' [NV]
RewriteRule .* - [E=CLIENT_IP:%1,NE,S=1]
RewriteCond %{ENV:X_RA} '(.+)'
RewriteRule .* - [E=CLIENT_IP:%1,NE]

Let us know if this revised solution works for you.
Back to top
DanCeg



Joined: 26 Sep 2022
Posts: 2
Location: Germany

PostPosted: Wed 28 Sep '22 13:06    Post subject: Reply with quote

Thank you very much tangent,
I appreciate you efforts.

I found a similar soloution early this morning (better to say short after midnight Smile ).

Code:

    RewriteEngine on
    RewriteCond %{REMOTE_ADDR}#$1 ^([^#]+)#\1$
    RewriteRule (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$ - [E=owner_requesting:%{REMOTE_ADDR}]
   
    <Directory /home/server/x3d_files>
       Require env owner_requesting
    </Directory>



Never the less I implemented your soloution to check if it s suitable too. And well, it does the job for me. I also appreciate your valuable addition regarding proxy and Load Balancer. I will implement it, the way you suggested.
Back to top


Reply to topic   Topic: Need Remote_Addr for the regex in SetEnvIf Request_URI View previous topic :: View next topic
Post new topic   Forum Index -> Apache