As part of the Network Watcher, I wanted to have
something like https://ifconfig.me/ip but that I can self host without having to install or
configure anything new.
Since I have an Apache server running as a proxy server somewhere, I decided to look into my options.
I found out that you can use mod_include since it is already compiled into httpd on RHEL systems
(though not active by default; it requires explicit configuration to do anything.)
So the .shtml script just ended up being a single line:
<!--#echo var="REMOTE_ADDR" -->This wouldn’t work by itself, so it also required some configuration on the Apache vhost file:
DocumentRoot /path/to/dir
<Directory /path/to/dir>
# Ensures that we cannot use SSI exec function, nor overwrite
# the current config
Options IncludesNOEXEC
AllowOverride None
# Tells Apache to serve .shtml files with the MIME type text/html
# so that the page is displayed and not downloaded.
AddType text/html .shtml
# We tell apache to use the SSI processor to parse the shtml files
AddOutputFilter INCLUDES .shtml
DirectoryIndex index.shtml
Require all granted
</Directory>
RewriteEngine On
# Deny invalid token
RewriteCond %{HTTP:Authorization} !^Bearer\ dummy-password$
RewriteRule .* - [F]
# Deny anything other than /
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_URI} !^/index\.shtml$
RewriteRule .* - [F]You might notice the RewriteCond %{HTTP:Authorization} line with a hardcoded password. I wanted to
have simple Bearer authorization without doing anything complicated (and I was also curious whether
it was possible.) The hardcoded password is a bit ugly (you could move it to a separate file via
Apache’s Include directive), but there is pretty much no risk even if someone can access the page,
so I can live with it.
Extra Resources
Reply by Email