httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Host Deny with mod_rewrite
Date Sun, 16 Nov 2003 17:11:08 GMT

On Sat, 15 Nov 2003, Navindra Umanee wrote:
> How can I use this approach to deny access on a domain basis or IP
> subnet basis?  For example, I'd like "123.45.67 -" in the RewriteMap
> to deny access to any IP that matches "123.45.67.*".  With the current
> approach I would need 255 keys in the RewriteMap to match everything
> under 123.45.67.

Hmmm... Tricky problem.  Perhaps you would be better off writing yourself
a custom module based on mod_access, rather than doing extremely fancy
things with mod_rewrite.

But it may be possible.  I'd try something along these lines.
RewriteEngine on
RewriteMap    hosts-deny  txt:/path/to/hosts.deny
RewriteCond   %{REMOTE_ADDR} ^([0-9]+\.[0-9]+\.[0-9]+)\.
RewriteCond   %{REMOTE_HOST} ([^.]+\.[^.]+)$
RewriteCond   ${hosts-deny:%1|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond   ${hosts-deny:%2|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond   ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
RewriteRule   ^/.*  -  [F]

That is completely untested.  And it will only catch /24 subnets and
second-level domains.  You could, of course, expand it further along the
same lines.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message