I have a couple websites I limit access to with apache .htaccess files. I also use Google Chrome on my iPhone, and for some reason, it was being blocked even though I specifically allow my internal subnet. Looking at the logs, I saw the request was coming from IP 220.127.116.11, or google-proxy-66-249-84-145.google.com. Ah! There’s a Data Saver feature in Chrome on iOS (guessing it’s there for Chrome on Android too). The iOS Chrome uses a Google proxy to download the webpage, do some compression/minification/etc, and then send it to the phone. They call this “Data Compression Proxy“. According to the App, it saves me about 20% of my data (which, I don’t care about when on Wifi, but on cell, it’s not a bad idea).
Anyway, you have to add a few lines to a .htaccess file to make this work right. In my case, I had the following in my .htaccess:
Deny from all
SetEnvIf X-Forwarded-For "^123\.123\.123\.123" AllowAccess
SetEnvIf X-Forwarded-For "^123\.123\.*\.*" AllowAccess
Allow from 18.104.22.168/16
Allow from 22.214.171.124
Allow from 127.0.0.1
Allow from env=AllowAccess
The important lines are the “SetEnvIf” lines. These basically set a variable/flag in Apache to the value passed in X-Forwarded-For, which is set by a Proxy Server (in this case, the Google one). Then the last line basically says “Allow anything that has the variable “Allow access” set”. The only odd thing in my case is that my iPhone seems to default to connect over IPv6, so I had to add a SetEnvIf line for my IPv6 subnet.