httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] mod_rewrite and network addresses?
Date Mon, 25 Jul 2005 17:37:35 GMT
On 7/25/05, Dick Davies <> wrote:
> I have content I want to serve up via http to intranet users, but have
> external IPs authenticate over SSL (mod_auth_ldap).
>   # for main network users
>   RewriteCond %{REMOTE_ADDR} !^10\.9\..*
>   # XXX these are hosed
>   # ....or our other two sites
>   RewriteCond %{REMOTE_ADDR} !
>   RewriteCond %{REMOTE_ADDR} !
>   # .... then you need to authenticate
>   RewriteRule ^(.*)$ https://server.domain$1 [R,L]

> Now this works fine for the network (because it's a class B),
> but since we're just matching a string (REMOTE_ADDR) with no network information
> it isn't going to cut it for the last two sites.
> Am I really going to have to have one line for each possible starting string
> for each of the last two subnets?

Well, you will need to build a regex that does the matches.  But you
won't need one for every starting string.  You can use stuff like
RewriteCond %{REMOTE_ADDR} !^10\.0\.11[2-9]\.*
RewriteCond %{REMOTE_ADDR} !^10\.0\.12[0-7]\.*
which I believe should get the intention of your first line. (Note
also the correct regex escaping of the '.'.)

Alternative techniques include using a RewriteMap to list all the
address (at least down to the /24 level), or going back to mod_access.
 For example, you could do something like
Order Allow,Deny
Allow from
Allow from
ErrorDocument 403 https://server.domain
(That doesn't necessarily get you to the right exact page.  For that,
you'd need to
point your ErrorDocument at a CGI script to do the redirection.)


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message