
I have a problem with DirectAdmin and a firewall. The following statement doesn't work:

```apache
SetEnvIf Remote_Addr "x.x.x.x" TRUST=yes
```

Apache doesn't respond to the above instruction.

The instruction is part of the following whole:

```apache
Alias /.well-known "/var/www/html/.well-known"

RewriteEngine On

RewriteCond %{REQUEST_URI} !^/.well-known/(.*)
RewriteCond %{HTTPS} !=on

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

ProxyPass /.well-known !
SetEnvIf Remote_Addr "111.222.33.123" TRUST=yes
SetEnvIf Remote_Addr "111.222.33.223" TRUST=yes
SetEnvIf Remote_Addr "111.222.33.114" TRUST=yes
SetEnvIf Remote_Addr "111.222.33.223" TRUST=yes
SetEnvIf Remote_Addr "111.222.33.115" TRUST=yes
SetEnvIf Remote_Addr "111.222.33.234" TRUST=yes
SetEnvIf Remote_Addr "127.0.0.1" TRUST=yes

ProxyPass "/" "http://localhost:3001/"
ProxyPassReverse "/" "http://localhost:3001/"
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
```

Apache doesn't respond to `SetEnvIf Remote_Addr "x.x.x.x" TRUST=yes`. Where is the problem?

Maciej Osytek
    Where exactly are these directives? (It doesn't really make sense to have the mod_rewrite HTTP to HTTPS redirect in the same context as the `Header` directive that sets the STS header, since the STS header should ideally only be set on HTTPS responses.) – MrWhite Mar 15 '23 at 00:22

1 Answer

If you are behind a firewall/proxy then `Remote_Addr` is likely going to be the IP address of the firewall, not of the client making the connection.

Try checking the `X-Forwarded-For` HTTP request header instead for the client's IP address, but note that this can potentially contain multiple (comma-separated) IP addresses (the client IP address being the first). For example:

```apache
SetEnvIf X-Forwarded-For "^111\.222\.33\.123\b" TRUST=yes
```

If `X-Forwarded-For` is not set then check for other similar headers in the HTTP request.

MrWhite
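
An added example, not part of the answer above or of any DirectAdmin template: `X-Forwarded-For` is a request header, so its first entry is only reliable when the proxy in front of Apache overwrites it rather than appending to it. Where the proxy appends, mod_remoteip can be told which proxy to trust so that `Remote_Addr` itself becomes the client address. The proxy address `192.0.2.10` is a placeholder assumption.

```apache
# Added example. Assumptions: Apache 2.4 with mod_remoteip loaded, and a
# firewall/proxy at 192.0.2.10 (placeholder address) that appends the
# connecting client's address to X-Forwarded-For.

# Header-based match, as in the answer. The first entry is whatever the
# request carried when it reached the proxy, so this is only reliable if
# the proxy discards any X-Forwarded-For it receives and writes its own.
#SetEnvIf X-Forwarded-For "^111\.222\.33\.123\b" TRUST=yes

# Let mod_remoteip resolve the client address instead. It honours the
# header only on connections from the listed proxy and walks the list
# from the right, stopping at the first address that is not a trusted proxy.
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 192.0.2.10

# Remote_Addr now holds the address resolved above, so the original style
# of rule works again. The pattern is anchored and the dots are escaped so
# that it matches exactly one address.
SetEnvIf Remote_Addr "^111\.222\.33\.123$" TRUST=yes
```

Logging `%a` in the access log shows the address Apache resolved for each request, which makes it easy to confirm the rule sees the client and not the firewall.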