I'm using a load balancer in front of my web servers, which means all connections come from 192.168.x.x (or other internal LAN segment). My users will all display their original IP address in the x-forwarded-for header. I'm attempting to ban users (IP addresses) dynamically so I can automatically / quietly blacklist without manual admin intervention.
Currently, I do this manually with .htaccess rules. Automatically blocking users at the application level is not acceptable.
Are there any Apache modules or methods which will read an ipset list, database, or other source to allow me to automatically deny users based on the x-forwarded-for header?
See: Ban IPs from text file using htaccess
Essentially, you can leverage a RewriteMap to either read from a text file, run a script (which could access a database) or even perform an SQL query using dbd. Remember that you can't define the map in an .htaccess file, but you can use the map in one.
And you'd be checking the %{HTTP:X-FORWARDED-FOR} condition instead of %{REMOTE_ADDR}:

# The map definition belongs in the server or virtual-host config, never in .htaccess.
# The file path is a placeholder; a txt: map holds one "<ip> deny" entry per line.
RewriteMap access txt:/path/to/banned-ips.txt
RewriteEngine On
RewriteCond ${access:%{HTTP:X-FORWARDED-FOR}|allow} deny [NC]
RewriteRule ^ - [L,F]
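As an added example that is not part of the original answer, here is a Python script the same map could call through a RewriteMap "prg:" definition instead of a text file; the script path and ban-list path are assumptions. It looks up the last X-Forwarded-For entry, the one your own load balancer appended, so a forged client-supplied value cannot slip past (or into) the ban list.

```python
#!/usr/bin/env python3
"""RewriteMap 'prg:' helper: reads one X-Forwarded-For value per line on stdin
and answers 'deny' or 'allow', one line per request, flushed immediately.
Hypothetical wiring in the server/vhost config (not .htaccess):
    RewriteMap access "prg:/usr/local/bin/xff_banmap.py"
The .htaccess rule then looks up ${access:%{HTTP:X-FORWARDED-FOR}} as above."""
import ipaddress
import os
import sys

BANLIST_PATH = "/etc/apache2/banned-ips.txt"  # hypothetical; sample used if absent
# Constructed sample ban list: one IP or CIDR per line, '#' starts a comment.
SAMPLE_BANLIST = """
# constructed values
203.0.113.7
198.51.100.0/24
"""

def parse_banlist(text):
    """Return ip_network objects parsed from ban-list text."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def client_ip(xff):
    """Use the LAST entry: the one the trusted load balancer appended.
    Earlier entries arrive from the client and can be forged."""
    parts = [p.strip() for p in xff.split(",") if p.strip()]
    try:
        return ipaddress.ip_address(parts[-1]) if parts else None
    except ValueError:
        return None

def decide(xff, banned):
    """'deny' if the client address falls in a banned network, else 'allow'."""
    ip = client_ip(xff)
    if ip is None:
        return "allow"  # missing or unparsable header: leave it to other rules
    return "deny" if any(ip in net for net in banned) else "allow"

if __name__ == "__main__":
    # Apache starts this once at startup and feeds one key per line.
    text = open(BANLIST_PATH).read() if os.path.exists(BANLIST_PATH) else SAMPLE_BANLIST
    banned = parse_banlist(text)
    for line in sys.stdin:
        sys.stdout.write(decide(line.rstrip("\n"), banned) + "\n")
        sys.stdout.flush()
```

Reload the ban list by restarting Apache, since a prg: map is spawned once and keeps its state for the life of the server.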