Posted to users@httpd.apache.org by Dieter Vrancken <di...@mac.com> on 2005/07/20 15:43:47 UTC

[users@httpd] Allow from - requiring both a http header and an IP range

Hi all,

This issue seems very simple at first, but I can't figure out
how to make it work. I'm using Apache 1.3.33 on Debian sarge.

I want to allow access to a directory based on the following
conditions:
- user comes from IP range A or
- user comes from IP range B or
- user comes from IP range C _and_ has a specific HTTP header
  set to a predefined value

<Directory /some/dir>
  Order deny,allow
  Deny from all
  Allow from ip_range_a
  Allow from ip_range_b
  # now what ?
</Directory>

I've searched the docs and mailing list for similar questions,
but couldn't find anything like it. What can I add to allow
users from the last range with the header set?

There doesn't seem to be a way to combine multiple conditions
into one "Allow from" statement (and'ed that is). Likewise,
SetEnvIf can't take two pieces of info into account. I've
tried combining the conditions using mod_rewrite (1) in a
rather clumsy way, but that doesn't seem to work either.

What am I missing? Surely I'm not the first one to want to do
this. Could you point me in the right direction?

Please enlighten me,
Dieter

(1) using something like this in the Directory block
  RewriteCond %{REMOTE_ADDR} ^xxx\.yyy\.zzz
  RewriteCond %{HTTP_X_MAGIC} magic_value
  RewriteRule (.*) $1 [E=RANGE_C]
  Allow from env=RANGE_C


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


[users@httpd] SOLVED: Allow from - requiring both a http header and an IP range

Posted by Dieter Vrancken <di...@mac.com>.
On Wednesday, July 20, 2005, at 05:30PM, Joshua Slive <js...@gmail.com> wrote:
>
>This can, in fact, be done using mod_setenvif using something like
>SetEnvIf Remote_Addr .* goodadd=0
>SetEnvIf Remote_Addr ^xxx\.yyy\.zzz goodadd=1
>SetEnvIf X-Magic magic_value letmein
>SetEnv goodadd 0 !letmein
>Allow from env=letmein
>
>Joshua.

An excellent solution, Joshua! I didn't realize you can also disable environment
variables. I did have to replace the last SetEnv with a SetEnvIf (otherwise the
arguments wouldn't make sense).

I'm not going to bother with mod_rewrite for something that can be solved much
more clearly this way.

Thanks again,
Dieter




Re: [users@httpd] Allow from - requiring both a http header and an IP range

Posted by Joshua Slive <js...@gmail.com>.
On 7/20/05, Dieter Vrancken <di...@mac.com> wrote:
> Hi all,
> 
> This issue seems very simple at first, but I can't figure out
> how to make it work. I'm using Apache 1.3.33 on Debian sarge.
> 
> I want to allow access to a directory based on the following
> conditions:
> - user comes from IP range A or
> - user comes from IP range B or
> - user comes from IP range C _and_ has a specific HTTP header
>   set to a predefined value
> 
> <Directory /some/dir>
>   Order deny,allow
>   Deny from all
>   Allow from ip_range_a
>   Allow from ip_range_b
>   # now what ?
> </Directory>
> 
> I've searched the docs and mailing list for similar questions,
> but couldn't find anything like it. What can I add to allow
> users from the last range with the header set?
> 
> There doesn't seem to be a way to combine multiple conditions
> into one "Allow from" statement (and'ed that is). Likewise,
> SetEnvIf can't take two pieces of info into account. I've
> tried combining the conditions using mod_rewrite (1) in a
> rather clumsy way, but that doesn't seem to work either.
> 
> What am I missing? Surely I'm not the first one to want to do
> this. Could you point me in the right direction?
> 
> Please enlighten me,
> Dieter
> 
> (1) using something like this in the Directory block
>   RewriteCond %{REMOTE_ADDR} ^xxx\.yyy\.zzz
>   RewriteCond %{HTTP_X_MAGIC} magic_value
>   RewriteRule (.*) $1 [E=RANGE_C]
>   Allow from env=RANGE_C

This can, in fact, be done using mod_setenvif using something like
SetEnvIf Remote_Addr .* goodadd=0
SetEnvIf Remote_Addr ^xxx\.yyy\.zzz goodadd=1
SetEnvIf X-Magic magic_value letmein
SetEnv goodadd 0 !letmein
Allow from env=letmein

It can also be done with mod_rewrite.  If you want to use that
technique, start by using the RewriteLog to find your problems.  Also
note that arbitrary HTTP headers must be specified using
%{HTTP:header} and that mod_rewrite can deny the request itself using
the F flag.

Joshua.
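
The SetEnvIf approach from this thread written out as a complete Directory block, with the SetEnv-to-SetEnvIf correction Dieter describes applied (an added example, not text from either poster). The regex anchors are additions and the 10.1.2 prefix in the comment is a constructed illustration; ip_range_a, ip_range_b, xxx.yyy.zzz, X-Magic and magic_value are the thread's own placeholders.

```apache
<Directory /some/dir>
  Order deny,allow
  Deny from all

  # Ranges A and B: the source address alone is sufficient.
  Allow from ip_range_a
  Allow from ip_range_b

  # Range C: address AND header. SetEnvIf directives are evaluated in order.
  # 1. Every request starts with goodadd=0.
  SetEnvIf Remote_Addr .* goodadd=0
  # 2. Requests from range C get goodadd=1. The trailing \. is an added
  #    anchor: without it, a prefix such as ^10\.1\.2 would also match
  #    10.1.20.x and 10.1.200.x.
  SetEnvIf Remote_Addr ^xxx\.yyy\.zzz\. goodadd=1
  # 3. Header matches: tentatively set letmein. ^...$ is an added anchor so
  #    only the exact value matches, not any value that contains it.
  SetEnvIf X-Magic ^magic_value$ letmein
  # 4. SetEnvIf (not SetEnv) can test a variable set by an earlier SetEnvIf
  #    and unset another one: outside range C, letmein is removed again.
  SetEnvIf goodadd ^0$ !letmein

  Allow from env=letmein
</Directory>
```

X-Magic is supplied by the client, so its value acts as a shared secret; step 4 is what keeps a request from outside range C from passing on the header alone.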
