By the way, I noticed that a VirtualHost with:
<Location "/>
Require expr "%{REMOTE_ADDR} != %{CONN_REMOTE_ADDR}"
</Location>
has a dangerous behaviour that I did not notice directly.
It made my .htaccess files visible publicly by accessing them in a web
browser when using the reverse proxy (Cloudflare).
This also resulted in my private folders requiring HTTP authentication, to
be accessible publicly since the .htaccess files were not working anymore.
The issue did not happen when setting the direct server IP address for my
domain name in the /etc/hosts file of my computer to bypass the reverse
proxy.
Do you know why it happened? The other solution using mod_rewrite does not
have this problem:
RewriteEngine on
RewriteCond expr "%{REMOTE_ADDR} == %{CONN_REMOTE_ADDR}"
RewriteRule ^ - [F]
On Sun, 26 Apr 2020 at 10:39, baptx <baptx...@gmail.com> wrote:
> Is there a way to display an error with a different message than the 403
> Forbidden page configured with "ErrorDocument 403"?
> This would improve the privacy, otherwise if a website displays a 403
> error on an admin login page restricted by IP address, someone trying to
> bypass the reverse proxy will see the same error page and could know that a
> domain name is used on the IP address.
>
>
> On Sat, 25 Apr 2020 at 18:16, baptx <baptx...@gmail.com> wrote:
>
>> It worked when using Require in a location, thanks!
>>
>>
>> On Sat, 25 Apr 2020 at 13:41, Yann Ylavic <ylavic....@gmail.com> wrote:
>>
>>> On Sat, Apr 25, 2020 at 1:24 PM baptx <baptx...@gmail.com> wrote:
>>> >
>>> > @Yann: About your last reply suggesting Require expr "%{REMOTE_ADDR}
>>> != %{CONN_REMOTE_ADDR}":
>>> > I want to restrict access on some virtualhosts only because I want to
>>> use some domain names without Cloudflare.
>>> > It looks like your previous solution with mod_rewrite is better in my
>>> case, since Require does not work in virtualhosts (I got the error:
>>> "Require not allowed in <VirtualHost> context").
>>>
>>> Ah yes, correct, it should be enclosed in a location like:
>>>
>>> <VirtualHost ...>
>>> ...
>>> RemoteIP...
>>> <Location "/">
>>> Require expr "%{REMOTE_ADDR} != %{CONN_REMOTE_ADDR}"
>>> </Location>
>>> ...
>>> </VirtualHost>
>>>
>>> >>>
>>> >>> Thanks Yann, it worked.
>>>
>>> Great!
>>>
>>> Regards,
>>> Yann.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
