Apache SetEnvIf Logical AND with Two Variables

In trying to adjust the method of logging in Apache, it was found logical to have the configuration perform an AND on two variables to validate one format vs another. I had not found much detail on this, until making my way to: http://stephane.lesimple.fr/blog/2010-01-28/apache-logical-or-and-conditions-with-setenvif.html. From the page archived, I had the following:

CustomLog /var/log/apache2/loopback_posts.log combined env=posting_myself
SetEnvIf Remote_Addr "^" loopback_ip=0
SetEnvIf Remote_Addr "^127\.0\.0\.1$" loopback_ip=1
SetEnvIf Request_Method "POST" posting_myself
SetEnvIf loopback_ip 0 !posting_myself

In my example, it was not able to work as shown above, but not of by much.  We quoted the last 0 in the lines we had written, giving us the following example:

SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
SetEnvIf Remote_Addr "^" LB_ip=0
SetEnvIf Remote_Addr "10\.11\.0\.254" LB_ip=1
SetEnvIf LB_ip "0" !forwarded
CustomLog logs/access_log proxy env=forwarded
CustomLog logs/access_log combined env=!forwarded

When tested, requests coming from the LB IP are listed as trusted, and only trusted requests are adjusted and trusted as having been forwarded.  Other requests, we can assume (based on topology) with x-forwarded-for header are identified as falsified.





Leave a Reply

Your email address will not be published. Required fields are marked *