Problem with page rules

bluewhale · 2018-10-01 11:35:39 UTC

Hello Everyone,

We need some help with pagerules as we are unable to configure them as per our requirements. We will really appreciate if someone can help us out here…

We have our website which now has Cloudflare and Railgun enabled.

Everything is working perfect just as it should be.

Now we have a folder under our website, lets assume https://www.example.com/dummy/ which has restricted access based on IP authentication, configured in .htaccess of dummy folder. Which means the folder is inaccessible for outside world, except for those IP’s which are allowed using the variable “allow from” in .htaccess

Now when cloudflare is enabled, we cannot access above folder from our IP which is already alllowed in .htaccess.

We have tried to configure page rules to skip that folder, but no luck. Please find the screen shot of those rules:

Can someone please help us what we are doing wrong?

Just some more information… we have configured the rule on https:://www.example.com/dummy/*

Thank you for your suggestions and help in advance.!!

sandro · 2018-10-01 11:36:55 UTC

Are you sure you are rewriting the IP addresses so that the actual client addresses show up for the rules and log files?

bluewhale · 2018-10-01 11:38:26 UTC

Thank you for such a lighting fast reply… I am unsure what you mean here…

Could you please explain?

When cloudflare is disabled, if we access that folder from our authenticated IP (in .htaccess), we can access it fine. For rest of the world, the folder would give forbidden access denied error.

However with cloudflare enabled, even we get the same forbidden access denied error.

sandro · 2018-10-01 11:46:11 UTC

With Cloudflare everything is typically (unless the records are ) tunnelled through their servers, which means all requests arrive at your server with Cloudflare IP addresses. Cloudflare provides the original IP address in an HTTP header, however you need to rewrite the value of the connecting IP address (on the IP level) to that header in the server. With Apache you’d be using mod_remoteip for that.

Are you doing this?

bluewhale · 2018-10-01 13:33:44 UTC

Thank you. You have been very helpful. I enabled mod_remoteip on server. However, I am struggling to add rewrite rules to rewrite the value of connecting IP to that as seen in header of server.

Tried googling, but cannot find much related information. Could you please kindly guide me with these rules. Any thread / url’s for reference purpose will do.

Thanks again.

sandro · 2018-10-01 13:37:52 UTC

There are no rewrite rules - as in mod_rewrite - involved but only mod_remoteip’s configuration

https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html

RemoteIPHeader CF-Connecting-IP

should do the trick

and you should also add

RemoteIPTrustedProxy 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17

bluewhale · 2018-10-01 14:30:00 UTC

please ignore my reply… I am back to square one with same problem. I will investigate this further.

eva2000 · 2018-10-01 17:53:32 UTC

you have extra colon : in your address https::// so probably not matching the page rule you intended

bluewhale · 2018-10-02 12:13:40 UTC

Well that was just an example… so that extra colon can be ignored.

sandro · 2018-10-02 12:30:38 UTC

Do the right IP addresses show up now?