-Mac

-Apache

-PHP7

-Wordpress

I want to serve a lenient CSP to myself and another person(s), but have a strict CSP for everyone else. The code I currently use works when I just use my own IP, but I can't figure out how to add another. I'm a beginner at all of this so keep that in mind. I found them for this snippet here

And here is my code:

<IfModule mod_headers.c>
# Serve CSP based on client IP
<If "-R 'MY IP'">
  Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' data:"
</If>
</IfModule>
JLB

1 Answer

Instead of setting it from Server settings, output the CSP headers from your site’s code. You can then easily vary your headers based on who is logged in, or any other criteria you choose.

EDIT TO ADD: PHP can send CSP headers via the header() function (secure.php.net/manual/en/function.header.php). For example:

header( "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' data:" );

Stephen R
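One way to apply the answer's suggestion to the question's multi-IP case, as an added example that is not the answerer's code. The allowlisted addresses are constructed documentation-range values, `CSP_STRICT` is an assumed policy, and `pack_ip` and `csp_for_client` are hypothetical helper names.

```php
<?php
// Constructed allowlist (documentation-range addresses); replace with the real ones.
const LENIENT_IPS = ['203.0.113.10', '198.51.100.7', '2001:db8::1'];

// Lenient policy copied from the question.
const CSP_LENIENT = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
    . "style-src 'self' 'unsafe-inline'; img-src * data:; object-src 'none'; font-src 'self' data:";

// Assumed strict policy for everyone else; adjust to what the site actually loads.
const CSP_STRICT = "default-src 'self'; object-src 'none'; base-uri 'self'";

/** Normalise an address to packed bytes so textual variants compare equal; null if invalid. */
function pack_ip(string $ip)
{
    $packed = @inet_pton($ip);
    if ($packed === false) {
        return null;
    }
    // Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d), which a dual-stack listener may report.
    if (strlen($packed) === 16 && substr($packed, 0, 12) === str_repeat("\0", 10) . "\xff\xff") {
        return substr($packed, 12);
    }
    return $packed;
}

/** Return the lenient policy only for an exact allowlist match; strict otherwise. */
function csp_for_client(string $remoteAddr, array $allow = LENIENT_IPS): string
{
    $client = pack_ip($remoteAddr);
    if ($client === null) {
        return CSP_STRICT; // unparseable address: fail closed
    }
    foreach ($allow as $ip) {
        if (pack_ip($ip) === $client) {
            return CSP_LENIENT;
        }
    }
    return CSP_STRICT;
}

// Use REMOTE_ADDR only: X-Forwarded-For is client-supplied unless a trusted proxy sets it.
// Must run before any output is sent.
header('Content-Security-Policy: ' . csp_for_client($_SERVER['REMOTE_ADDR'] ?? ''));
```

In WordPress the `header()` call would typically sit in a callback on the `send_headers` action so it runs before any output.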