Re: [users@httpd] Allow from - requiring both a http header and an IP range

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 7/20/05, Dieter Vrancken <dieter.vrancken@xxxxxxx> wrote:
> Hi all,
> 
> This issue seems very simple at first, but I can't figure out
> how to make it work. I'm using Apache 1.3.33 on Debian sarge.
> 
> I want to allow access to a directory based on the following
> conditions:
> - user comes from IP range A or
> - user comes from IP range B or
> - user comes from IP range C _and_ has a specific HTTP header
>   set to a predefined value
> 
> <Directory /some/dir>
>   Order deny,allow
>   Deny from all
>   Allow from ip_range_a
>   Allow from ip_range_b
>   # now what ?
> </Directory>
> 
> I've searched the docs and mailing list for similar questions,
> but couldn't find anything like it. What can I add to allow
> users from the last range with the header set?
> 
> There doesn't seem to be a way to combine multiple conditions
> into one "Allow from" statement (and'ed that is). Likewise,
> SetEnvIf can't take two pieces of info into account. I've
> tried combining the conditions using mod_rewrite (1) in a
> rather clumsy way, but that doesn't seem to work either.
> 
> What am I missing? Surely I'm not the first one to want to do
> this. Could you point me in the right direction?
> 
> Please enlighten me,
> Dieter
> 
> (1) using something like this in the Directory block
>   RewriteCond %{REMOTE_ADDR} ^xxx\.yyy\.zzz
>   RewriteCond %{HTTP_X_MAGIC} magic_value
>   RewriteRule (.*) $1 [E=RANGE_C]
>   Allow from env=RANGE_C

This can, in fact, be done using mod_setenvif using something like
SetEnvIf Remote_Addr .* goodadd=0
SetEnvIf Remote_Addr ^xxx\.yyy\.zzz goodadd=1
SetEnvIf X-Magic magic_value letmein
SetEnv goodadd 0 !letmein
Allow from env=letmein

It can also be done with mod_rewrite.  If you want to use that
technique, start by using the RewriteLog to find your problems.  Also
note that arbitrary HTTP headers must be specified using
%{HTTP:header} and that mod_rewrite can deny the request itself using
the F flag.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux