Hi all,
I'm trying to do what should be simple, can anyone suggest a better approach?
I have content I want to serve up via HTTP to intranet users, but have
external IPs authenticate over SSL (mod_auth_ldap).
The internal nets are (say):
10.9.0.0/16
10.0.112.0/20
10.19.64.0/22
I solved this by having two vhosts, one clear and one ssl.
The SSL site requires basic LDAP auth, and the non-SSL vhost has some
mod_rewrite voodoo like this:
<VirtualHost server.domain:80>
...snip
# for main network users
RewriteCond %{REMOTE_ADDR} !^10\.9\..*
# XXX these are hosed
# ....or our other two sites
RewriteCond %{REMOTE_ADDR} !10.0.112.0/20
RewriteCond %{REMOTE_ADDR} !10.19.64.0/22
# .... then you need to authenticate
RewriteRule ^(.*)$ https://server.domain$1 [R,L]
...snip
</VirtualHost>
Now this works fine for the 10.9.0.0/16 network (because it's a class B),
but since we're just matching a string (REMOTE_ADDR) with no network information
it isn't going to cut it for the last two sites.
Am I really going to have to have one line for each possible starting string
for each of the last two subnets?
--
'A length of plastic drainpipe with a roller skate at each end makes an ideal
"car" for snakes.'
-- Top Tips
Rasputin :: Jack of All Trades - Master of Nuns
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
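The string-versus-network mismatch described in the post, checked in Python as an added example that is not part of the original message: it models the three negated RewriteCond lines and compares the redirect decision with real CIDR membership. The anchored octet-range patterns in `ANCHORED`, the helper names and the sampled addresses are assumptions of this example.

```python
import ipaddress
import re

# Internal networks listed in the post.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.9.0.0/16", "10.0.112.0/20", "10.19.64.0/22")]

# Patterns as written in the post's RewriteCond lines (leading "!" dropped).
POSTED = [r"^10\.9\..*", r"10.0.112.0/20", r"10.19.64.0/22"]

# Assumed replacements: each CIDR block as an anchored octet range.
#   10.0.112.0/20 -> third octet 112..127
#   10.19.64.0/22 -> third octet 64..67
ANCHORED = [r"^10\.9\.", r"^10\.0\.(11[2-9]|12[0-7])\.", r"^10\.19\.6[4-7]\."]


def is_internal(addr):
    """Ground truth: real CIDR membership."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def redirected(addr, patterns):
    """Model the rule: redirect to HTTPS only when every negated
    RewriteCond holds, i.e. no pattern matches REMOTE_ADDR."""
    return not any(re.search(p, addr) for p in patterns)


def sample_addresses():
    """Constructed addresses: every third octet for a few second octets,
    plus external look-alikes that an unanchored pattern could match."""
    addrs = [f"10.{b}.{c}.{d}" for b in (0, 9, 19, 90, 191)
             for c in range(256) for d in (0, 1, 255)]
    return addrs + ["192.0.2.10", "110.9.1.1", "210.0.112.5", "110.19.64.1"]


def mismatches(patterns):
    """Addresses where the regex decision disagrees with CIDR membership
    (internal hosts must not be redirected, external hosts must be)."""
    return [a for a in sample_addresses()
            if redirected(a, patterns) == is_internal(a)]


if __name__ == "__main__":
    # "/20" and "/22" are literal text to the regex engine and never occur
    # in REMOTE_ADDR, so hosts in the last two subnets are always redirected.
    print("posted patterns, wrong decisions:  ", len(mismatches(POSTED)))
    print("anchored patterns, wrong decisions:", len(mismatches(ANCHORED)))
```
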