Apache Require IP directive not working

Question

I have the following in my apache config file:

Define THUMBS_ROOT "//mysmbserver/website/thumbs"
Alias "/thumbs" "//mysmbserver/website/thumbs"
<Directory {THUMBS_ROOT}>
    Options Indexes FollowSymLinks
    <RequireAny>
        Require ip 66.54.56.34
        Require ip 159.101.84.4
    </RequireAny>
</Directory>
LoadModule authz_core_module modules/mod_authz_core.so

My apache version is Apache/2.4.29 (Win64). (Yes I realise this is an old version of Apache - I can't upgrade due to it being an appliance device)

Even those I've added RequireAny and RequireIP apache is ignoring this and allowing any IP to access the thumbs directory. I can't figure out why. Can anyone help me understand?

Further complicating matters I have a load balancer device sitting in front of apache so really what I need to be looking at is X-Forwarded-For not the source IP. I'm not sure offhand if I need to do anything for RequireIP to detect X-Forwarded-For?

Either way though its allowing access regardless of IP.

Edit: I've also tried:

LoadModule authz_core_module modules/mod_authz_core.so
Define THUMBS_ROOT "//mysmbserver/website/thumbs"
Alias "/thumbs" "//mysmbserver/website/thumbs"

SetEnvIF X-Forwarded-For "66.54.56.34" AllowIP1
SetEnvIF X-Forwarded-For "159.101.84.4" AllowIP2

<Directory {THUMBS_ROOT}>
    Options Indexes FollowSymLinks
    <RequireAny>
        Require env AllowIP1
        Require env AllowIP2
    </RequireAny>
</Directory>

That doesn't work either.

Answer 1

According to the documentation, the path in a <Directory> directive has to be a file system path, not an alias or variable. So I think your directive isn't having any effect, since there's no path {THUMBS_ROOT} in the file system.

Possible options:

• <Directory //mysmbserver/website/thumbs>. I don't know if this will work, but it might if Windows treats it as a valid file system path.
• <Location /thumbs>