I have an apache2 vHost configuration with ProxyPass / ProxyPassReverse and need to restrict the access to some static IP addresses and to all Pingdom IP addresses.
The list of Pingdom IP addresses is a file list with one IP address per line:
5.172.196.188
5.178.78.77
13.232.220.164
23.22.2.46
23.83.129.219
23.111.152.74
.
.
.
The full IP address list can be found at https://my.pingdom.com/probes/ipv4.
I have downloaded the Pingdom IP address list as I did not found any solution for reading the list directly from their web site.
Allow/Deny works as expected as long as I have not configured the Allow from env=PINGDOM. As soon as I add the before mentioned configuration line, all client IP addresses are able to reach the site.
<VirtualHost *:443>
ServerAdmin contact@example.com
ServerName site.example.com
RewriteEngine on
RewriteMap allowed "txt:/var/www/pingdom_ip_addresses"
UnsetEnv PINGDOM
RewriteCond ${allowed:%{REMOTE_ADDR}} ""
RewriteRule ^ - [E=PINGDOM]
<Proxy *>
Order Deny,Allow
Deny from all
# Static IPs
Allow from 1.2.3.10/32
Allow from 1.2.3.20/32
# Pingdom
Allow from env=PINGDOM
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/example-site/
ProxyPassReverse / http://localhost:8080/example-site/
SSLEngine ON
SSLCertificateFile /etc/letsencrypt/live/site.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.example.com/privkey.pem
</VirtualHost>
Found a similar solution here: https://stackoverflow.com/a/53012839
But there, the IP address list file does have a 1 next to each IP address. The Pingdom list does not have this.
How does my rule need to look like to work as expected?
