Apache allow/deny IP rules not working for OpenVPN on same server

Hello,

I have a VPS with Contabo.

I installed CentOS 6, Nextcloud, and OpenVPN.

I have an .htaccess file that limits access to my site. The only IP allowed is the server IP:

<Limit GET POST>
Require all denied
Require ip XXX.XXXX.XXX
</Limit>

OpenVPN is configured correctly, I used this script:

https://github.com/sonpython/auto-openvpn-install-for-centos-debian-ubuntu

When I go to http://whatismyipaddress.com, I can see the IP address of the VPS.

When I connect to the VPS, it does not work.

If I add my IP address to the .htaccess file, it works.

It is as if Apache and OpenVPN could not work on the same VPS.

VPS sees my true IP address.

Do you have a solution?

Thank you

Comments

  • JustAMacUser Member
    edited October 2016

    I've had similar things happen. Since OpenVPN and Apache are on the same server, it's likely because of the way traffic is routed. When you're visiting your server IP via VPN from your server IP, your server IP is not what Apache sees.

    Figure out the IP (maybe a quick PHP file with <?php echo $_SERVER['REMOTE_ADDR']; in it that you can access when coming through the VPN).

    I'm guessing it's reporting either your client IP or the VPN client IP.

    Edit: Ah.. Missed that you already figured out what IP Apache sees. So yeah, it's a routing issue as I mentioned above. You might be able to fix it with some fancy iptables rules (or similar); sorry I couldn't be more help.

  • Webinium Member
    edited October 2016

    I found on this blog:

    https://blog.corneliupr.com/restricting-apache2-virtual-host-access-vpn/

    When I do:

    iptables -A INPUT -d 10.8.0.1 -i ! tun0 -p tcp --dport 80 -j DROP

    I get an error:

    Using intrapositioned negation (--option ! this) is deprecated in favor of extrapositioned (! --option this).

    Do you have an idea?

  • Not sure that rule is going to do the trick but the error is telling you to move the ! character:

    iptables -A INPUT -d 10.8.0.1 ! -i tun0 -p tcp --dport 80 -j DROP
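
Following the suggestion in the first reply to find out which address Apache actually records, here is an added example (not posted by anyone in this thread) that sorts the client addresses in an access log into server public IP, VPN tunnel address, or outside address. All addresses and log lines are constructed, and the 10.8.0.0/24 tunnel subnet is an assumption based on the 10.8.0.1 address in the rule above.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): a documentation-range address stands in
# for the VPS public IP; 10.8.0.0/24 is assumed as the OpenVPN tunnel subnet
# (the thread only shows the server end, 10.8.0.1).
SERVER_IP = ipaddress.ip_address("203.0.113.10")
VPN_NET = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample lines in Apache common log format.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Oct/2016:10:01:02 +0200] "GET /index.php HTTP/1.1" 403 211
10.8.0.6 - - [12/Oct/2016:10:03:40 +0200] "GET /index.php HTTP/1.1" 200 5120
203.0.113.10 - - [12/Oct/2016:10:05:11 +0200] "GET /status.php HTTP/1.1" 200 98
not a log line
198.51.100.7 - - [12/Oct/2016:10:06:30 +0200] "POST /login HTTP/1.1" 403 211
"""

# client address, two ignored fields, [timestamp], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def classify(addr):
    """Say which kind of source address Apache recorded for a request."""
    ip = ipaddress.ip_address(addr)
    if ip == SERVER_IP:
        return "server-public-ip"
    if ip in VPN_NET:
        return "vpn-tunnel"
    return "outside-address"

def summarize(log_text):
    """Count (source kind, address, status) over all parseable lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not an access-log line
        try:
            kind = classify(m.group(1))
        except ValueError:
            continue  # first field was a hostname, not an IP
        counts[(kind, m.group(1), int(m.group(2)))] += 1
    return counts

if __name__ == "__main__":
    for (kind, addr, status), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{kind:17} {addr:15} HTTP {status}  x{n}")
```

A source that shows up as an outside address with status 403 is the address the `Require ip` line is being compared against for those requests.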
    