{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 【Aperson】 的问题《Apache allow/deny IP rules not working for OpenVPN》','https://www.manongdao.com/q-753346.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have an .htaccess file that limits access to a folder. The only IP allowed is the server IP and I also protect the folder with a password:
order deny,allow
allow from X.X.X.X
deny from all
AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "test"
Require user username
This worked great when I used an SSH tunnel with dynamic port forwarding to access the folder (ssh -fND 1080 user@host.com).
Now I want to access this folder with OpenVPN installed on my server, instead of SSH. I installed the preconfigured OpenVPN Access Server on my Debian GNU/Linux Virtual Private Server and I can connect with sudo openvpn --config client.ovpn and my VPN username/password.
When visiting a website like http://whatismyipaddress.com/, I can see that my server IP address appears.
But when I access my Apache HTTP server, where the OpenVPN server is installed, I can see that my real IP address appears in /var/log/apache2/access.log.
I don't have a domain associated to this server and want to access the protected folder trough the server IP address or default domain from the hosting provider (vpsXXXXX.ovh.net).
My question may be related to the post Restricting Apache2 virtual host access only to a VPN
but I don't use a domain name to access the server.
How can the HTTP server get the OpenVPN server IP address instead of my real IP address, if servers use the same IP address (but different ports)?
That's basically the same problem as in the linked article: if you have your OpenVPN Server on 1.2.3.4 and the Apache server is listening on the same 1.2.3.4 ip, when you connect to the Apache server the connection is not routed through the VPN but normally through the Internet. And since you don't connect to the Apache server through the VPN, it will see your public IP.
One solution would be to resolve the vpsXXXXX.ovh.net domain (only for you) to the private IP somehow, which will route your connection through the VPN - maybe using a local DNS server or by manually editing your hosts file of your local computer. If you go with this approach, you will also have to make Apache listen to the private IP with
Listen x.y.z.tThere might be better solution though.
Relevant: https://forums.opensuse.org/showthread.php/481949-Running-apache-when-using-an-openvpn-connection