VPN access to ip-secured .htaccess file

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Jera
OpenVpn Newbie
Posts: 1
Joined: Sun Mar 19, 2017 9:40 am

VPN access to ip-secured .htaccess file

Post by Jera » Sun Mar 19, 2017 9:41 am

I am trying to get external access to update my self-hosted websites through my self-hosted vpn. The sites are locked to accept certain ip ranges, which is fine for updating when I'm on my home network. However, I wanted to be able to VPN into the network to update them.

For some reason, whenever I use my VPN the server sees my ip as my original public one rather than either an internal address assigned by the VPN or as the web-facing address of the server.

Ideally I want to be able to whitelist the VPN assigned internal addresses, but the server (in this case Apache) only sees the original ip of the connecting machine, which is a bit useless as it's dynamic.

Clients show the correct ip when accessing the web and all client traffic is set to direct through the VPN.

Any advice greatly appreciated!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN access to ip-secured .htaccess file

Post by TinCanTech » Sun Mar 19, 2017 11:54 am

Jera wrote:Clients show the correct ip when accessing the web and all client traffic is set to direct through the VPN
Jera wrote:For some reason, whenever I use my VPN the server sees my ip as my original public one rather than either an internal address assigned by the VPN or as the web-facing address of the server.
That is how --redirect-gateway works .. it is explained in the manual.

Try using the VPN address of the server.

nehakakar
OpenVpn Newbie
Posts: 11
Joined: Tue Jul 11, 2023 1:29 pm

Re: VPN access to ip-secured .htaccess file

Post by nehakakar » Tue Jul 11, 2023 8:00 pm

Try whitelist VPN-assigned internal IP addresses in your .htaccess

Code: Select all

SetEnvIf X-Forwarded-For "^10\.8\." VPN
SetEnvIf X-Forwarded-For "^192\.168\." VPN

<RequireAll>
    Require all granted
    Require env VPN
</RequireAll>
Note: If you're not using a reverse proxy or the X-Forwarded-For header is not being set correctly, you may need to adjust the code accordingly or investigate other options for passing the client's internal IP address to Apache.

Post Reply