httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] Allow from - requiring both a http header and an IP range
Date Wed, 20 Jul 2005 15:29:38 GMT
On 7/20/05, Dieter Vrancken <> wrote:
> Hi all,
> This issue seems very simple at first, but I can't figure out
> how to make it work. I'm using Apache 1.3.33 on Debian sarge.
> I want to allow access to a directory based on the following
> conditions:
> - user comes from IP range A or
> - user comes from IP range B or
> - user comes from IP range C _and_ has a specific HTTP header
>   set to a predefined value
> <Directory /some/dir>
>   Order deny,allow
>   Deny from all
>   Allow from ip_range_a
>   Allow from ip_range_b
>   # now what ?
> </Directory>
> I've searched the docs and mailing list for similar questions,
> but couldn't find anything like it. What can I add to allow
> users from the last range with the header set?
> There doesn't seem to be a way to combine multiple conditions
> into one "Allow from" statement (and'ed that is). Likewise,
> SetEnvIf can't take two pieces of info into account. I've
> tried combining the conditions using mod_rewrite (1) in a
> rather clumsy way, but that doesn't seem to work either.
> What am I missing? Surely I'm not the first one to want to do
> this. Could you point me in the right direction?
> Please enlighten me,
> Dieter
> (1) using something like this in the Directory block
>   RewriteCond %{REMOTE_ADDR} ^xxx\.yyy\.zzz
>   RewriteCond %{HTTP_X_MAGIC} magic_value
>   RewriteRule (.*) $1 [E=RANGE_C]
>   Allow from env=RANGE_C

This can, in fact, be done using mod_setenvif using something like
SetEnvIf Remote_Addr .* goodadd=0
SetEnvIf Remote_Addr ^xxx\.yyy\.zzz goodadd=1
SetEnvIf X-Magic magic_value letmein
SetEnv goodadd 0 !letmein
Allow from env=letmein

It can also be done with mod_rewrite.  If you want to use that
technique, start by using the RewriteLog to find your problems.  Also
note that arbitrary HTTP headers must be specified using
%{HTTP:header} and that mod_rewrite can deny the request itself using
the F flag.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message