Hi all, I'm trying to do what should be simple, can anyone suggest a better approach? I have content I want to serve up via http to intranet users, but have external IPs authenticate over SSL (mod_auth_ldap). the internal nets are (say): 10.9.0.0/16 10.0.112.0/20 10.19.64.0/22 I solved this by having two vhosts, one clear and one ssl. The SSL site requires basic ldap auth, and the non-ssl vhost has some mod_rewrite voodoo like this: <VirtualHost server.domain:80> ...snip # for main network users RewriteCond %{REMOTE_ADDR} !^10\.9\..* # XXX these are hosed # ....or our other two sites RewriteCond %{REMOTE_ADDR} !10.0.112.0/20 RewriteCond %{REMOTE_ADDR} !10.19.64.0/22 # .... then you need to authenticate RewriteRule ^(.*)$ https://server.domain$1 [R,L] ...snip </VirtualHost> Now this works fine for the 10.9.0.0/16 network (because it's a class B), but since we're just matching a string (REMOTE_ADDR) with no network information it isn't going to cut it for the last two sites. Am I really going to have to have one line for each possible starting string for each of the last two subnets? -- 'A length of plastic drainpipe with a roller skate at each end makes an ideal "car" for snakes.' -- Top Tips Rasputin :: Jack of All Trades - Master of Nuns --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx