Thanks for the reply! Yes, that is correct. But since I cannot use arbitrary headers, these options aren't viable for me. Basically, I need to restrict the same Location, via a single restriction (preferably via IP subnets), using an explicit defined Header from 50% of web traffic [Netscaler], and the REMOTE_ADDR (or whatever mod_access uses to get the client IP) [BigIP] from the other 50%, at the same time; SetEnvIf will only help me with the Netscaler traffic. I need a single solution to handle both scenarios. Thanks, - Jeff ----- Original Message ---- From: Joshua Slive <joshua@xxxxxxxx> To: users@xxxxxxxxxxxxxxxx; Jeff Nokes <jeff_nokes@xxxxxxxxx> Sent: Monday, April 24, 2006 2:09:37 PM Subject: Re: [users@httpd] mod_access and Client IP's from Load Balancers On 4/24/06, Jeff Nokes <jeff_nokes@xxxxxxxxx> wrote: > > > <LocationMatch "^/+(marketing/report.*)$"> > order deny,allow > deny from all > allow from 10 172.16 192.168 > </LocationMatch> mod_rewrite or mod_setenvif can do access control based on arbitrary headers. So assuming you have an X-Remote-IP header, you could do SetEnvIf X-Remote-IP ^10\..* good-guy SetEnvIf X-Remote-IP ^172\.16\..* good-guy SetEnvIf X-Remote-IP ^192\.168\..* good-guy and then add Allow from env=good-guy to the above block. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|