httpd-users mailing list archives

From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] mod_rewrite and network addresses?
Date Mon, 25 Jul 2005 17:37:35 GMT
On 7/25/05, Dick Davies <rasputnik@hellooperator.net> wrote:
> I have content I want to serve up via http to intranet users, but have
> external IPs authenticate over SSL (mod_auth_ldap).
>   # for main network users
>   RewriteCond %{REMOTE_ADDR} !^10\.9\..*
>   # XXX these are hosed
>   # ....or our other two sites
>   RewriteCond %{REMOTE_ADDR} !10.0.112.0/20
>   RewriteCond %{REMOTE_ADDR} !10.19.64.0/22
>   # .... then you need to authenticate
>   RewriteRule ^(.*)$ https://server.domain$1 [R,L]

> Now this works fine for the 10.9.0.0/16 network (because it's a class B),
> but since we're just matching a string (REMOTE_ADDR) with no network information
> it isn't going to cut it for the last two sites.
> 
> Am I really going to have to have one line for each possible starting string
> for each of the last two subnets?

Well, you will need to build a regex that does the matches.  But you
won't need one for every starting string.  You can use stuff like

  RewriteCond %{REMOTE_ADDR} !^10\.0\.11[2-9]\.*
  RewriteCond %{REMOTE_ADDR} !^10\.0\.12[0-7]\.*

which I believe should get the intention of your first line. (Note
also the correct regex escaping of the '.'.)

Alternative techniques include using a RewriteMap to list all the
addresses (at least down to the /24 level), or going back to mod_access.
For example, you could do something like

  Order Allow,Deny
  Allow from 10.0.112.0/20
  Allow from 10.19.64.0/22
  ErrorDocument 403 https://server.domain

(That doesn't necessarily get you to the right exact page.  For that,
you'd need to point your ErrorDocument at a CGI script to do the
redirection.)

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
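
Added example (not part of the original message or of Apache httpd): a Python check that compares REMOTE_ADDR regexes like the ones in the reply against the CIDR blocks they stand in for, by walking every address in an enclosing range. The 10.19.64.0/22 pattern and the names `regex_mismatches` and `report` are assumptions made for this example.

```python
import ipaddress
import re

# Patterns exactly as given in the reply, for 10.0.112.0/20.
REPLY_20 = [r"^10\.0\.11[2-9]\.*", r"^10\.0\.12[0-7]\.*"]
# Assumption: a pattern built the same way for 10.19.64.0/22 (not in the message).
SITE_22 = [r"^10\.19\.6[4-7]\."]


def regex_mismatches(patterns, cidr, universe):
    """List addresses in `universe` where "any pattern matches" disagrees
    with membership in `cidr`. An empty list means the patterns are exact
    over that range. re.search mirrors RewriteCond's unanchored matching."""
    net = ipaddress.ip_network(cidr)
    compiled = [re.compile(p) for p in patterns]
    bad = []
    for addr in ipaddress.ip_network(universe):
        text = str(addr)
        if any(c.search(text) for c in compiled) != (addr in net):
            bad.append(text)
    return bad


def report():
    """Run the checks discussed in the thread and return mismatch counts."""
    return {
        "reply patterns vs /20": len(
            regex_mismatches(REPLY_20, "10.0.112.0/20", "10.0.0.0/16")),
        "constructed pattern vs /22": len(
            regex_mismatches(SITE_22, "10.19.64.0/22", "10.19.0.0/16")),
        # CIDR text used as a regex: the "/" never occurs in REMOTE_ADDR,
        # so no address in the block is recognised.
        "CIDR string as regex": len(
            regex_mismatches([r"10.0.112.0/20"], "10.0.112.0/20", "10.0.0.0/16")),
        # Leading ^ dropped: the pattern also matches inside 210.0.112.x.
        "unanchored pattern": len(
            regex_mismatches([r"10\.0\.11[2-9]\."], "10.0.112.0/20", "210.0.112.0/24")),
    }


if __name__ == "__main__":
    for name, count in report().items():
        print(f"{name}: {count} mismatching addresses")
```

A count of zero means the regex set and the CIDR block agree on every address in the range that was walked; any other count is the number of addresses the rewrite conditions would classify differently from the intended subnet.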

