WebFaction
Community site: login faq

I set up a Django app on WebFaction (using mod_wsgi) and I'm having trouble configuring apache. I'm trying to make it so the site is only accessible from my own IP address (I'm trying to restrict access while I'm setting up and testing the site). In ~/webapps/django/apache2/httpd.conf I included the authz_host module and then added the following configuration:

WSGIScriptAlias / /home/user/webapps/django/mysite/apache/mysite.wsgi

<Directory /home/user/webapps/django/mysite/apache>
    Order deny,allow
    Deny from all
    Allow from 123.123.123.123
</Directory>

The site works fine when I don't try to restrict the incoming IPs, but I get a 403 (Forbidden) when I try to include the above (or any variation on it that would restrict the clients address). According to all the apache documentation I've seen this should work. Any ideas; is there something strange about webfaction or am I just doing something stupid?

asked 06 Nov '10, 13:50

ron
4127
accept rate: 0%


The problem is that, since your Apache is proxied behind our front-end server, when the requests get to your Apache they all come from 127.0.0.1, so you can't do IP checking the normal way.

Instead, you can use SetEnvIf to check the X-Forwarded-For header and set an environment variable if the IP matches a regular expression.

First, add setenvif_module and authz_host_module to your modules in httpd.conf, if you've not done so already:

LoadModule setenvif_module modules/mod_setenvif.so
LoadModule authz_host_module modules/mod_authz_host.so

Then, set a variable ('allowed' for example, but you can call it anything you want):

# "xxx\.xxx\.xxx\.xxx" is a regular expression.
# You can modify it to allow multiple IPs, ranges of IPs, etc.
SetEnvIf X-Forwarded-For xxx\.xxx\.xxx\.xxx allowed

Finally, allow access based on the variable:

<Location "/">
  Order Deny,Allow
  Deny from all
  Allow from env=allowed
</Location>

Hope that helps!

permanent link

answered 06 Nov '10, 14:34

seanf
12.2k41836
accept rate: 37%

edited 30 Jun '15, 16:55

Thanks, that was a huge help!

(06 Nov '10, 15:32) ron
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×25
×4
×1

question asked: 06 Nov '10, 13:50

question was seen: 4,165 times

last updated: 30 Jun '15, 16:55

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM