[users@httpd] mod_rewrite and network addresses?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

I'm trying to do what should be simple, can anyone suggest a better approach?

I have content I want to serve up via http to intranet users, but have
external IPs authenticate over SSL (mod_auth_ldap).

the internal nets are (say):

10.9.0.0/16
10.0.112.0/20
10.19.64.0/22

I solved this by having two vhosts, one clear and one ssl.
The SSL site requires basic ldap auth, and the non-ssl vhost has some
mod_rewrite voodoo like this:

<VirtualHost server.domain:80>
...snip
  # for main network users
  RewriteCond %{REMOTE_ADDR} !^10\.9\..*
  # XXX these are hosed
  # ....or our other two sites
  RewriteCond %{REMOTE_ADDR} !10.0.112.0/20
  RewriteCond %{REMOTE_ADDR} !10.19.64.0/22
  # .... then you need to authenticate
  RewriteRule ^(.*)$ https://server.domain$1 [R,L]
...snip
</VirtualHost>

Now this works fine for the 10.9.0.0/16 network (because it's a class B),
but since we're just matching a string (REMOTE_ADDR) with no network information
it isn't going to cut it for the last two sites.

Am I really going to have to have one line for each possible starting string
for each of the last two subnets?

-- 
'A length of plastic drainpipe with a roller skate at each end makes an ideal "car" for snakes.'
		-- Top Tips
Rasputin :: Jack of All Trades - Master of Nuns

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux