Apache allow/deny IP rules not working for OpenVPN

Published 2019-06-14 05:22

Question:

I have an .htaccess file that limits access to a folder. The only IP allowed is the server IP and I also protect the folder with a password:

# Apache 2.2-style host access control: with Order deny,allow the Deny
# directives are evaluated first and a matching Allow overrides them,
# so only X.X.X.X gets through (everything else is rejected with 403).
Order deny,allow
Allow from X.X.X.X
Deny from all

# HTTP Basic auth on top of the IP check. Satisfy all is the default,
# so a client must pass both the IP rule and the password prompt.
AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "test"
Require user username

This worked great when I used an SSH tunnel with dynamic port forwarding to access the folder (ssh -fND 1080 user@host.com).

Now I want to access this folder with OpenVPN installed on my server, instead of SSH. I installed the preconfigured OpenVPN Access Server on my Debian GNU/Linux Virtual Private Server and I can connect with sudo openvpn --config client.ovpn and my VPN username/password.

When visiting a website like http://whatismyipaddress.com/, I can see that my server IP address appears. But when I access my Apache HTTP server, where the OpenVPN server is installed, I can see that my real IP address appears in /var/log/apache2/access.log. I don't have a domain associated with this server and want to access the protected folder through the server IP address or the default domain from the hosting provider (vpsXXXXX.ovh.net). My question may be related to the post Restricting Apache2 virtual host access only to a VPN, but I don't use a domain name to access the server.

How can the HTTP server get the OpenVPN server IP address instead of my real IP address, if servers use the same IP address (but different ports)?

Answer 1:

That's basically the same problem as in the linked article: if you have your OpenVPN server on 1.2.3.4 and the Apache server is listening on the same 1.2.3.4 IP, then when you connect to the Apache server the connection is not routed through the VPN but normally through the Internet. And since you don't connect to the Apache server through the VPN, it will see your public IP.

One solution would be to resolve the vpsXXXXX.ovh.net domain (only for you) to the private IP somehow, which will route your connection through the VPN - maybe using a local DNS server or by manually editing the hosts file on your local computer. If you go with this approach, you will also have to make Apache listen on the private IP with Listen x.y.z.t.

There might be a better solution, though.

Relevant: https://forums.opensuse.org/showthread.php/481949-Running-apache-when-using-an-openvpn-connection
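Added example, not part of the original question or answer: a small Python evaluator of the Apache 2.2 Order/Allow/Deny semantics, run over constructed access.log lines, to show why the posted rules behave the way they do and what has to change once requests actually arrive through the tunnel. The point the answer leaves implicit is that a request that does come in over the VPN is seen by Apache with the client's tunnel address as its source (10.8.0.x in this example), not with the server's own public address, so the allow list has to name the tunnel subnet as well. All addresses are assumptions: 198.51.100.10 stands in for the VPS public IP, 203.0.113.77 for the client's real IP, and 10.8.0.0/24 for the OpenVPN client subnet.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample access.log lines (not taken from the original post),
# recorded under the poster's original rules: the real client IP is
# rejected (403), the server's own IP passes the IP check and hits the
# password prompt (401), and a tunnel address is rejected (403) because
# the rules never mention the VPN subnet.
SAMPLE_ACCESS_LOG = """\
203.0.113.77 - - [14/Jun/2019:05:22:01 +0000] "GET /protected/ HTTP/1.1" 403 199
198.51.100.10 - - [14/Jun/2019:05:23:15 +0000] "GET /protected/ HTTP/1.1" 401 381
10.8.0.6 - - [14/Jun/2019:05:24:40 +0000] "GET /protected/ HTTP/1.1" 403 199
"""

# The posted rules, with an assumed server IP substituted for X.X.X.X.
ORIGINAL_RULES = """
Order deny,allow
Allow from 198.51.100.10
Deny from all
"""

# Same rules, extended to admit the (assumed) OpenVPN tunnel subnet.
VPN_RULES = """
Order deny,allow
Allow from 198.51.100.10 10.8.0.0/24
Deny from all
"""

# Same directives with Order reversed: under allow,deny the Deny wins,
# so "Deny from all" locks everyone out. A classic 2.2-era footgun.
REVERSED_RULES = """
Order allow,deny
Allow from 198.51.100.10 10.8.0.0/24
Deny from all
"""


def host_matches(spec: str, ip: ipaddress.IPv4Address) -> bool:
    """Match one Allow/Deny host spec the way mod_authz_host (2.2) does:
    'all', a full address, a CIDR or address/netmask, or a partial dotted
    prefix such as '10.8'. Hostname specs are not handled here."""
    spec = spec.lower()
    if spec == "all":
        return True
    if "/" in spec:
        return ip in ipaddress.ip_network(spec, strict=False)
    octets = spec.split(".")
    if len(octets) == 4:
        return ip == ipaddress.ip_address(spec)
    # Partial address: prefix match on the leading octets.
    return str(ip).split(".")[: len(octets)] == octets


def evaluate(rules: str, client_ip: str) -> bool:
    """Return True if client_ip gets past the Order/Allow/Deny block.
    The position of the directives in the file does not matter; only
    the Order setting decides which side overrides the other."""
    ip = ipaddress.ip_address(client_ip)
    order = "deny,allow"  # Apache's default when Order is absent
    allowed = denied = False
    for line in rules.splitlines():
        parts = line.split()
        if not parts:
            continue
        directive = parts[0].lower()
        if directive == "order":
            order = "".join(parts[1:]).lower()
        elif directive in ("allow", "deny") and parts[1].lower() == "from":
            hit = any(host_matches(spec, ip) for spec in parts[2:])
            if directive == "allow":
                allowed = allowed or hit
            else:
                denied = denied or hit
    if order == "deny,allow":
        # Default allow; a matching Allow overrides a matching Deny.
        return allowed or not denied
    # allow,deny and mutual-failure: must be allowed and not denied.
    return allowed and not denied


LOG_RE = re.compile(r"^(\S+) ")


def audit_log(rules: str, log_text: str) -> List[Tuple[str, bool]]:
    """Run every client address found in access.log through the rules."""
    results = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname-logged or malformed entry, skip it
        results.append((m.group(1), evaluate(rules, m.group(1))))
    return results


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_RULES),
                        ("with VPN subnet", VPN_RULES),
                        ("order reversed", REVERSED_RULES)):
        print(name)
        for client, ok in audit_log(rules, SAMPLE_ACCESS_LOG):
            print(f"  {client:16} {'allowed' if ok else 'denied'}")
```

Two practical notes on applying this to the poster's setup. First, whether an extra Listen line is needed depends on the existing config: a bare `Listen 80` already binds every address on the host, including the tunnel-side address, so often only the allow list and the client's hosts entry have to change. Second, Debian's current Apache is 2.4, where the native form is `Require ip 198.51.100.10 10.8.0.0/24`; the 2.2 directives used above keep working there only through mod_access_compat, and mixing the two styles in one .htaccess is a common source of confusing 403s.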