Hi Guys,
Hoping you can help me with a current issue.
We have a customer who is using Sucuri Web Firewall services which is basically a proxy server to the clients website hosted on one of our Litespeed Servers.
They want to use a .htaccess set of rules to deny anybody trying to directly access the site via a hosts file entry as an example, without it coming from the web proxy server(s).
In General Settings of Litespeed Config we have 'Use Client IP in Header' set to 'Yes' so as I understand it the IP will always be from the Client accessing the site, not the proxy server IP.
The .htaccess they want to use is:
order deny,allow
deny from all
allow from env=allowclient
SetEnvIf PROXY_REMOTE_ADDR 192.88.134.10 allowclient
SetEnvIf PROXY_REMOTE_ADDR 192.88.135.10 allowclient
SetEnvIf PROXY_REMOTE_ADDR 185.93.228.10 allowclient
SetEnvIf PROXY_REMOTE_ADDR 185.93.229.10 allowclient
SetEnvIf PROXY_REMOTE_ADDR 185.93.230.10 allowclient
SetEnvIf PROXY_REMOTE_ADDR ^192.88. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^185.93. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^192.124.249. allowclient
SetEnvIf PROXY_REMOTE_ADDR 199.223.236.179 allowclient
SetEnvIf PROXY_REMOTE_ADDR 146.148.117.213 allowclient
SetEnvIf PROXY_REMOTE_ADDR 23.251.134.134 allowclient
SetEnvIf PROXY_REMOTE_ADDR 178.33.238.180 allowclient
SetEnvIf PROXY_REMOTE_ADDR ^142.4.217. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^167.114.0. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^192.99.17. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^5.196.79. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^130.211. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^104.155. allowclient
However it simply doesn't work and I'm not sure how to change the above rules to suit Litespeed.
I believe it would need to be changed to a RewriteRule, but everything I've tried doesn't seem to work.
Any ideas would be most appreciated.
Cheers,
Craig
Hoping you can help me with a current issue.
We have a customer who is using Sucuri Web Firewall services which is basically a proxy server to the clients website hosted on one of our Litespeed Servers.
They want to use a .htaccess set of rules to deny anybody trying to directly access the site via a hosts file entry as an example, without it coming from the web proxy server(s).
In General Settings of Litespeed Config we have 'Use Client IP in Header' set to 'Yes' so as I understand it the IP will always be from the Client accessing the site, not the proxy server IP.
The .htaccess they want to use is:
order deny,allow
deny from all
allow from env=allowclient
SetEnvIf PROXY_REMOTE_ADDR 192.88.134.10 allowclient
SetEnvIf PROXY_REMOTE_ADDR 192.88.135.10 allowclient
SetEnvIf PROXY_REMOTE_ADDR 185.93.228.10 allowclient
SetEnvIf PROXY_REMOTE_ADDR 185.93.229.10 allowclient
SetEnvIf PROXY_REMOTE_ADDR 185.93.230.10 allowclient
SetEnvIf PROXY_REMOTE_ADDR ^192.88. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^185.93. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^192.124.249. allowclient
SetEnvIf PROXY_REMOTE_ADDR 199.223.236.179 allowclient
SetEnvIf PROXY_REMOTE_ADDR 146.148.117.213 allowclient
SetEnvIf PROXY_REMOTE_ADDR 23.251.134.134 allowclient
SetEnvIf PROXY_REMOTE_ADDR 178.33.238.180 allowclient
SetEnvIf PROXY_REMOTE_ADDR ^142.4.217. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^167.114.0. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^192.99.17. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^5.196.79. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^130.211. allowclient
SetEnvIf PROXY_REMOTE_ADDR ^104.155. allowclient
However it simply doesn't work and I'm not sure how to change the above rules to suit Litespeed.
I believe it would need to be changed to a RewriteRule, but everything I've tried doesn't seem to work.
Any ideas would be most appreciated.
Cheers,
Craig