Handling resources, redirects and other operations is very easy and useful using the .htaccess file of Apache web server.
Sometimes, we want to block or redirect traffic based on its network IP address.
But what to do when %{REMOTE_ADDR} returns the wrong address?
%{REMOTE_ADDR} and %{REMOTE_HOST} are operators for the .htaccess file. They give out the IP address and the hostname (if available).
Sometimes, if your hosted site is behind a firewall or a proxy service such as CloudFlare, those parameters %{REMOTE_ADDR} won’t give you the right address.
if %{REMOTE_ADDR} doesn’t give you the right values, you could try using %{HTTP:X-FORWARDED-FOR} , which should save the correct IP Address. This is used by the proxy servers to indicate the original address of the clients.
This tip is also relevant for those who read Add two-step authentication to WordPress
An example usage to give 410 (gone) error code to all users but the listed IPs
I used this to block all traffic from my test website for human visitors, and remove the results from Google Search.
1 2 3 4 |
ErrorDocument 410 /410-page.html RewriteCond %{HTTP:X-FORWARDED-FOR} !^123\.123\.134\.42$ RewriteCond %{HTTP:X-FORWARDED-FOR} !^123\.44\.55\.1662$ RewriteRule $ / [R=410,L] |
First, we declare what’s the custom 410 page the clients need to see and then point everyone except our own IP to the error page.