httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Schlottman <mschl...@spe.org>
Subject [users@httpd] Problem when using nested if statements in apache 2.4
Date Mon, 20 Feb 2017 17:17:34 GMT
I'm trying to configure apache 2.4 to show nice error pages to external users of our web site,
while allowing staff to see the real error.   The idea is to prevent exposing privileged information
to the general public while allowing our staff to more easily debug issues on our production
web site.   To accomplish this I am using a combination of ErrorDocument within an If statement
that evaluates the header X-Real-IP which is the IP address of the client on my server.

This seems to work, until I nest the If statements to catch all the IP ranges that I am interested
in.

For example...
<If  "! %{HTTP:X-Real-IP}  -ipmatch '172.28.1.84/32' ">
  ErrorDocument 404 /errors/404
</If>
will correctly show the nice 404 page for a user coming from 172.28.1.84.

Using this, the same user coming from 172.28.1.84 sees the nice error page.
<If  "! %{HTTP:X-Real-IP}  -ipmatch '127.0.0.0/8' ">
  ErrorDocument 404 /errors/404
</If>

Simmilarly the same user gets the nice error page when this code is used.
<If  "! %{HTTP:X-Real-IP}  -ipmatch '192.168.0.0/16' ">
  ErrorDocument 404 /errors/404
</If>

The problem comes when I combine these 2 so that all users except those coming from 127.*.*.*
or 192.168.*.* see the nice error page.
<If  "! %{HTTP:X-Real-IP}  -ipmatch '127.0.0.0/8' ">
  <If  "! %{HTTP:X-Real-IP}  -ipmatch '192.168.0.0/16' ">
    ErrorDocument 404 /errors/404
  </If>
</If>
The user from 172.28.1.84 does not get the nice 404 page, but the default 404 page.   The
IP does not match either of the ranges as observed when using the ranges individually, but
when combined in this way it does not work as expected.

Any ideas why this is?

Mike Schlottman
Sr. Infrastructure Architect
Society of Petroleum Engineers
222 Palisades Creek Drive
Richardson, TX 75080


Mime
View raw message