[Solved] Allow access from domain and local IP range, but not public IP.

Added by Jappe about 2 months ago

Hello, I have a very basic question.
I know I can allow access only from a domain by using
$HTTP["host"] != "example.org" {
url.access-allow = ( "" )
}

So it's not accessible via the public IP, which is fine.
At the same time I also want to use

$HTTP["remoteip"] != "192.168.1.0/24" {
$HTTP["url"] =~ "^/example/" {
url.access-deny = ( "" )
}
}

for some stuff which should be only accessible from inside my LAN.

I'm not able to combine these two conditions together.
How can this be solved?


Replies (4)

RE: Allow access from domain and local IP range, but not public IP. - Added by Jappe about 2 months ago

Ok I found it out by myself.
I just misunderstood the two terms host and remoteip, because when I call my device via the local IP it's also a host value. The remote IP is the IP from where the call is coming (just to make it clear if somebody has as little knowledge as me and finds this thread :)

My solution:

$HTTP["host"] !~ "example.org|192.168.254.254" {
url.access-deny = ( "" )
}

Where 192.168.254.254 is the LAN IP of the device.

Nothing changed for the remoteip restriction stuff.

Cheers

RE: Allow access from domain and local IP range, but not public IP. - Added by gstrauss about 2 months ago

> I'm not able to combine these two conditions together.
> How can this be solved?

So what you're saying is: "I can not get things to work but I am not going to show you what I tried"

Please read the doc and show your work, or else be ignored.

How to get support
lighttpd wiki
Configuration: File Syntax

RE: Allow access from domain and local IP range, but not public IP. - Added by gstrauss about 2 months ago

You posted moments before I did.

Glad you found a solution. The remote IP is the IP of the client, which is remote from the server. The server IP (listening IP) is local to the server.

To create a condition based on a listening IP, use $SERVER["socket"].
Configuration: File Syntax

RE: [Solved] Allow access from domain and local IP range, but not public IP. - Added by gstrauss about 2 months ago

What is sent by the client in the Host header in the HTTP request (which could be "example.org" or could be "192.168.254.254") is distinct from the actual remote or local IPs of the TCP connection.

If you want lighttpd to listen only on your local LAN: server.bind = "192.168.254.254" rather than the default "0.0.0.0"
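
The distinction drawn in this thread, as an added example that is not part of the original posts and is not lighttpd code: a small Python model of the two conditions, run over constructed requests, showing that the Host check only sees what the client sent while the remoteip check sees the TCP peer address. The anchored pattern, the sample addresses and the function name `allowed` are assumptions made for the illustration, and the anchored form assumes the Host value carries no port.

```python
import ipaddress
import re

# Pattern as posted in the thread, and an anchored variant (assumption, added here).
THREAD_HOST_RE = re.compile(r"example.org|192.168.254.254")
ANCHORED_HOST_RE = re.compile(r"^(example\.org|192\.168\.254\.254)$")
LAN = ipaddress.ip_network("192.168.1.0/24")


def allowed(host_header, remote_ip, url, host_re=THREAD_HOST_RE):
    """Model of the thread's two conditions; True means the request is not denied."""
    # $HTTP["host"] !~ "..." { url.access-deny = ( "" ) }
    # The Host value is whatever the client sent; the regex is an unanchored search.
    if not host_re.search(host_header):
        return False
    # $HTTP["remoteip"] != "192.168.1.0/24" { $HTTP["url"] =~ "^/example/" { deny } }
    # remoteip is the peer address of the TCP connection, not a request header.
    if ipaddress.ip_address(remote_ip) not in LAN and re.search(r"^/example/", url):
        return False
    return True


# Constructed sample requests: (Host header, client IP, URL path)
SAMPLES = [
    ("example.org", "198.51.100.7", "/"),                # by name, from outside
    ("203.0.113.10", "198.51.100.7", "/"),               # by public IP: Host check denies
    ("192.168.254.254", "192.168.1.20", "/example/x"),   # LAN client, LAN-only path
    ("192.168.254.254", "198.51.100.7", "/example/x"),   # Host passes, remoteip denies
    ("example.org.example.net", "198.51.100.7", "/"),    # passes only the unanchored pattern
]

if __name__ == "__main__":
    for host, ip, url in SAMPLES:
        loose = allowed(host, ip, url)
        strict = allowed(host, ip, url, ANCHORED_HOST_RE)
        print(f"{host:26} {ip:15} {url:12} thread={loose} anchored={strict}")
```

The fourth sample is the case the last reply describes: the Host condition is satisfied by a header value, so the LAN-only path is protected by the remoteip condition alone.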
