On 7/20/05, Dieter Vrancken <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> This issue seems very simple at first, but I can't figure out
> how to make it work. I'm using Apache 1.3.33 on Debian sarge.
>
> I want to allow access to a directory based on the following
> conditions:
> - user comes from IP range A or
> - user comes from IP range B or
> - user comes from IP range C _and_ has a specific HTTP header
> set to a predefined value
>
> <Directory /some/dir>
> Order deny,allow
> Deny from all
> Allow from ip_range_a
> Allow from ip_range_b
> # now what ?
> </Directory>
>
> I've searched the docs and mailing list for similar questions,
> but couldn't find anything like it. What can I add to allow
> users from the last range with the header set?
>
> There doesn't seem to be a way to combine multiple conditions
> into one "Allow from" statement (and'ed that is). Likewise,
> SetEnvIf can't take two pieces of info into account. I've
> tried combining the conditions using mod_rewrite (1) in a
> rather clumsy way, but that doesn't seem to work either.
>
> What am I missing? Surely I'm not the first one to want to do
> this. Could you point me in the right direction?
>
> Please enlighten me,
> Dieter
>
> (1) using something like this in the Directory block
> RewriteCond %{REMOTE_ADDR} ^xxx\.yyy\.zzz
> RewriteCond %{HTTP_X_MAGIC} magic_value
> RewriteRule (.*) $1 [E=RANGE_C]
> Allow from env=RANGE_C
This can, in fact, be done using mod_setenvif using something like
SetEnvIf Remote_Addr .* goodadd=0
SetEnvIf Remote_Addr ^xxx\.yyy\.zzz goodadd=1
SetEnvIf X-Magic magic_value letmein
SetEnv goodadd 0 !letmein
Allow from env=letmein
It can also be done with mod_rewrite. If you want to use that
technique, start by using the RewriteLog to find your problems. Also
note that arbitrary HTTP headers must be specified using
%{HTTP:header} and that mod_rewrite can deny the request itself using
the F flag.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
