I have a couple websites I limit access to with apache .htaccess files. I also use Google Chrome on my iPhone, and for some reason, it was being blocked even though I specifically allow my internal subnet. Looking at the logs, I saw the request was coming from IP 126.96.36.199, or google-proxy-66-249-84-145.google.com. Ah! There’s a Data Saver feature in Chrome on iOS (guessing it’s there for Chrome on Android too). The iOS Chrome uses a Google proxy to download the webpage, do some compression/minification/etc, and then send it to the phone. They call this “Data Compression Proxy“. According to the App, it saves me about 20% of my data (which, I don’t care about when on Wifi, but on cell, it’s not a bad idea).
Anyway, you have to add a few lines to a .htaccess file to make this work right. In my case, I had the following in my .htaccess:
Deny from all
SetEnvIf X-Forwarded-For "^123\.123\.123\.123" AllowAccess
SetEnvIf X-Forwarded-For "^123\.123\.*\.*" AllowAccess
Allow from 188.8.131.52/16
Allow from 184.108.40.206
Allow from 127.0.0.1
Allow from env=AllowAccess
The important lines are the “SetEnvIf” lines. These basically set a variable/flag in Apache to the value passed in X-Forwarded-For, which is set by a Proxy Server (in this case, the Google one). Then the last line basically says “Allow anything that has the variable “Allow access” set”. The only odd thing in my case is that my iPhone seems to default to connect over IPv6, so I had to add a SetEnvIf line for my IPv6 subnet.