
Problems blocking multiple IP ranges


lil87

12:28 pm on Mar 4, 2007 (gmt 0)

10+ Year Member



What would be the correct method for blocking an IP range using {REMOTE_ADDR}?

I can block something like 123.45.67.0-123.45.67.255 by doing this:
RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.

But I want to block a larger range like: 123.45.67.0 - 123.45.255.255
and I'm not sure how to do that. I think it involves using < and > but I'm not sure.

phranque

10:13 am on Mar 5, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



try this:
RewriteCond %{REMOTE_ADDR} ^123\.45\.[12][0-9][0-9]\. [OR]
RewriteCond %{REMOTE_ADDR} ^123\.45\.[7-9][0-9]\. [OR]
RewriteCond %{REMOTE_ADDR} ^123\.45\.6[7-9]\.

it also matches 123.45.[256..299].* but who cares?

jdMorgan

3:59 pm on Mar 5, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> 123.45.67.0 - 123.45.255.255

This can be compressed into one line:


RewriteCond %{REMOTE_ADDR} ^123\.45\.(6[789]¦[789][0-9]¦[12][0-9]{2})\.

Replace the broken pipe "¦" characters in the code with solid pipe characters before use; Posting on this forum modifies the pipe characters.

Jim

wilderness

4:50 pm on Mar 5, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Jim,
Could you explain the use of {2} near the end of the string?

Thanks in advance

Don

edited by wilderness.

I believe the following cover 100-299?

[12][0-9]{2}

[edited by: wilderness at 5:00 pm (utc) on Mar. 5, 2007]

wilderness

4:52 pm on Mar 5, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Also, what's the advantage to using [789] as opposed to [7-9]?

jdMorgan

5:11 pm on Mar 5, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



{2} is a quantifier, requiring two of the preceding (whatevers).
{2,4} requires from two to four (whatevers).
{5,} requires five or more...
{,3} requires three or less...

[789] is marginally faster, doing three discrete compares without having to call the (more complicated) range-processing routine for [7-9].

Jim

wilderness

5:35 pm on Mar 5, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



So I may replace all instances of 1[0-9][0-9]¦2[0-5][0-9]

with

[12][0-9]{2}

jdMorgan

8:20 pm on Mar 5, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, there's no problem with that. The pattern matches 100-299, but that's OK, because it is impossible for your server to ever receive a request from an IP address with an octet value above 255 -- In fact, it is impossible to *send* a request with a IP octet value above 255, because, by definition, an 'octet' contains the decimal value of an eight-bit (binary) number, and the largest number that can be expressed in an eight-bit number is 255.

Jim

wilderness

4:16 pm on Mar 6, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Many thanks Jim.

Only had about a dozen such expressions.
May be able to modify some similar ones later.
Reduced my file size by 2k or approx 2.5%

Also the changes to [789] and [345] seem (perhaps I'm hallucinating) to make my pages come up faster.

Makes me wonder of the overall effect of the complete file?

Don

jdMorgan

4:33 pm on Mar 6, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> Also the changes to [789] and [345] seem (perhaps I'm hallucinating) to make my pages come up faster.

Not very likely, as the difference might be measured in milliseconds (1/1,000 second). But efficiencies and inefficiencies add up, and the more efficient your code is now, the longer it will be before you have to re-code it or trim it to speed it up as your site becomes more popular and your traffic increases.

This kind of change is nowhere near as important as replacing terribly-inefficient patterns like "^(.*)/(.*)/(.*)$" with efficient ones like "^([^/]+)/([^/]+)/(.+)$". Inefficient regex patterns like that can *visibly* slow down even a moderate-traffic site.

Jim

wilderness

5:35 pm on Mar 6, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



"This kind of change is nowhere near as important as replacing terribly-inefficient patterns like "^(.*)/(.*)/(.*)$" with efficient ones like "^([^/]+)/([^/]+)/(.+)$". Inefficient regex patterns like that can *visibly* slow down even a moderate-traffic site."

Jim,
"It's greek [or geek] to me". :)

Unfortunately (or fortunately), I haven't taken the time to explore and comprehend the use of such examples and tend to follow "KISS", thus I don't have any such items in expressions.

Don

lil87

7:57 am on Mar 7, 2007 (gmt 0)

10+ Year Member



Gah! This stuff is worse than high school algebra, I took it twice and got a D both times.

What if I wanted to block 71.120.0.0 - 71.120.31.255

Would either of these be correct?
^71\.120\.(0[1-9] ¦ [19][0-9]{2}
^71\.120\.(0[1-9] ¦ [13][0-9]{2}

It looks like the bottom one would block 71.120.0.0 - 71.120.99.255 instead of 71.120.31.255

I've found a few tutorials on this stuff but I'm still not understanding it. Could someone maybe break this stuff down for me and give me a little explanation as to why something works or doesn't work? I've got several ranges that I want blocked and I'd like to be able to understand this stuff to block them myself. I don't want to have to ask people in forums to do it for me.

I hate to complicate things even more but I read that doing something like this would also work:
RewriteCond %{REMOTE_ADDR} <71.120.31.255
RewriteCond %{REMOTE_ADDR} >71.120.0.0

and it does work somewhat but the more ranges I add, the less ranges that are actually blocked. Any reason for that?

wilderness

8:30 am on Mar 7, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> What if I wanted to block 71.120.0.0 - 71.120.31.255
>
> Would either of these be correct?
> ^71\.120\.(0[1-9] ¦ [19][0-9]{2}
> ^71\.120\.(0[1-9] ¦ [13][0-9]{2}
>
> It looks like the bottom one would block 71.120.0.0 - 71.120.99.255 instead of 71.120.31.255

The following is correct

^71\.120\.([0-9]¦[12][0-9]¦3[01])\.

You mustn't forget the characters I've bolded.
In addition, this forum changes the pipe character to a broken pipe and requires correction before use.

AND if you have additional rewrites before or after this line, you MUST include the [OR] at the end of the line.

The quantifier "{2}" is only used to replace EXACT duplication of the same characters and must be used within and applying to the same OR "¦" section.

The beginning of both parentheses "(0[1-9)" is invalid and would generate a 500 error taking your site(s) down.

Your attempted second half and use of the quantifier reads as follows:
100-999 (1st Line) and 100-399 (2nd Line), which is also invalid, however that portion may slip through without a 500 error (Jim perhaps may advise on that?)

> I've found a few tutorials on this stuff but I'm still not understanding it. Could someone maybe break this stuff down for me and give me a little explanation as to why something works or doesn't work? I've got several ranges that I want blocked and I'd like to be able to understand this stuff to block them myself. I don't want to have to ask people in forums to do it for me.
>
> I hate to complicate things even more but I read that doing something like this would also work:
> RewriteCond %{REMOTE_ADDR} <71.120.31.255
> RewriteCond %{REMOTE_ADDR} >71.120.0.0
>
> and it does work somewhat but the more ranges I add, the less ranges that are actually blocked. Any reason for that?

I've never seen the greater-than or less-than characters used in this fashion, at least not in expressions of IP ranges.
Even if the greater-than or less-than characters were valid, your attempt would still generate a 500 error because you have failed to escape the decimals/Class separators.

Some well spent reading would be these very old and VERY long threads:

[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]

I'm not sure if my simple and incomplete explanation will assist you:
[webmasterworld.com...]

You may find it easier to begin using the "deny from" options in mod as opposed to jumping right into the fire of rewrites.

wilderness

8:51 am on Mar 7, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



lil,
In addition you should make sure that somewhere in the beginning of your rewrites that you have used

"Rewrite on"

followed by your conditions or Rewrites

and then followed by your action/rule
EX: RewriteRule .* - [F]

lil87

9:56 am on Mar 7, 2007 (gmt 0)

10+ Year Member



Thanks for all the replies. This is a very helpful place.

So would this be correct?
For 71.117.16.0 - 71.117.31.255 I would use -

^71\.117\.(1[6789]¦[2][0-9]¦[3][01])\.

I'm actually not really sure if the [6789] is correct or if it should be [6-9] And I'm not sure if it's [01] or if it should be [0-1]

wilderness

3:17 pm on Mar 7, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



lil,
Yes, however I'm not sure of the benefits of the [6789] (perhaps Jim may advise?)

I've made many changes the past two days in my htaccess.
One was from a previous three-digit range anyNumber-separatedByHyphen-anyNumber and the other was in some longtime errors that I noticed is sequential number (your example:

[01] or if it should be [0-1]

It will function either way, however minus the hyphen is apparently slightly faster.

Many times in Regex and Rewrites there is not a definite way to accomplish an effect, rather multiple possibilities that derive the same outcome.
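The octet alternations worked out by hand in this thread (67-255, 0-31 and 16-31) can be generated and brute-force checked mechanically; the script below is an added example, not code posted in the thread, and it writes plain `|` pipes rather than the forum's broken ones. It produces an exact 0-255 pattern, so 67-255 ends in `2[01234][0-9]|25[012345]` where Jim's version uses the looser `[12][0-9]{2}`, and it verifies every value of the varying octet against the finished RewriteCond pattern.

```python
import re

def _cls(digits: str) -> str:
    """Render a run of digits as a character class in the thread's style: [789], or [0-9] for all ten."""
    if len(digits) == 1:
        return digits
    return "[0-9]" if digits == "0123456789" else f"[{digits}]"

def octet_range_regex(lo: int, hi: int) -> str:
    """Alternation matching exactly the decimal strings lo..hi; 67..255 gives (6[789]|[789][0-9]|...)."""
    if not 0 <= lo <= hi <= 255:
        raise ValueError("octet bounds must satisfy 0 <= lo <= hi <= 255")
    parts, n = [], lo
    while n <= hi:
        if n % 100 == 0 and n + 99 <= hi:
            # whole hundreds: 100-199 plus 200-299 would collapse to [12][0-9]{2}
            ds = ""
            while n % 100 == 0 and n + 99 <= hi:
                ds, n = ds + str(n // 100), n + 100
            parts.append(f"{_cls(ds)}[0-9]{{2}}")
        elif n >= 10 and n % 10 == 0 and n + 9 <= hi:
            # whole tens within one hundred: 70-99 collapses to [789][0-9]
            hundreds, ds = n // 100, ""
            while n % 10 == 0 and n + 9 <= hi and n // 100 == hundreds:
                ds, n = ds + str(n // 10 % 10), n + 10
            parts.append(f"{hundreds or ''}{_cls(ds)}[0-9]")
        else:
            # leftover values sharing a tens prefix: 67-69 becomes 6[789]
            end = min(hi, n - n % 10 + 9)
            prefix = str(n // 10) if n >= 10 else ""
            parts.append(prefix + _cls("".join(str(d % 10) for d in range(n, end + 1))))
            n = end + 1
    return "(" + "|".join(parts) + ")"

def rewritecond_pattern(prefix: str, lo: int, hi: int) -> str:
    """CondPattern for %{REMOTE_ADDR} covering prefix.lo.0 - prefix.hi.255, dots escaped."""
    esc = prefix.replace(".", r"\.")
    return "^" + esc + r"\." + octet_range_regex(lo, hi) + r"\."

def covers_exactly(prefix: str, lo: int, hi: int) -> bool:
    """Brute force: each value of the varying octet matches iff it lies in lo..hi, and ^ anchors."""
    pat = re.compile(rewritecond_pattern(prefix, lo, hi))
    inside = all(bool(pat.match(f"{prefix}.{x}.0")) == (lo <= x <= hi) for x in range(256))
    return inside and pat.match(f"1{prefix}.{lo}.0") is None

if __name__ == "__main__":
    for prefix, lo, hi in (("123.45", 67, 255), ("71.120", 0, 31), ("71.117", 16, 31)):
        print("RewriteCond %{REMOTE_ADDR}", rewritecond_pattern(prefix, lo, hi), covers_exactly(prefix, lo, hi))
```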

jdMorgan

7:40 pm on Mar 7, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



One key to understanding this stuff is to understand that you are doing lexical (character-by-character) comparisons, not numeric comparisons. Regular expressions work based on character strings only, and the pattern-matching does not involve any "understanding" of numeric values. Even the range notation [0-9] means "any character between and including the characters 0 and 9" and not "any number between 0 and nine inclusive."

So using the ">" and "<" notation is valid, but you must be VERY careful when doing so because, for example, both of these are true:

6 < 10 (numerically)
6 > 10 (lexically)

This is because a lexical comparison is done character-by-character, and 6 is larger than 1 regardless of whether (blank) is greater than zero.

The lexical compare only works well when "all the numbers and periods line up" in the low and high end-addresses, as in:
>192.168.0.1
<192.168.0.9

Jim
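Jim's point about lexical ordering, as an added Python example that is not part of the thread: it applies both the numeric comparison lil87 expected and the plain string comparison that a RewriteCond `>lo` paired with `<hi` actually performs, using the 71.120.0.0 - 71.120.31.255 range from the question.

```python
import ipaddress

def numeric_in_range(ip: str, lo: str, hi: str) -> bool:
    """What the poster expects: strictly between lo and hi as 32-bit address values."""
    return ipaddress.ip_address(lo) < ipaddress.ip_address(ip) < ipaddress.ip_address(hi)

def lexical_in_range(ip: str, lo: str, hi: str) -> bool:
    """What a RewriteCond >lo paired with <hi actually tests: character-by-character string order."""
    return lo < ip < hi

def classify(ip: str, lo: str, hi: str) -> tuple:
    """(numeric verdict, lexical verdict) for one address; they differ when the digits do not line up."""
    return numeric_in_range(ip, lo, hi), lexical_in_range(ip, lo, hi)

def lexical_errors(prefix: str, lo: str, hi: str) -> list:
    """Third-octet values X for which prefix.X.1 is judged differently by the two comparisons."""
    return [x for x in range(256) if len(set(classify(f"{prefix}.{x}.1", lo, hi))) == 2]

if __name__ == "__main__":
    lo, hi = "71.120.0.0", "71.120.31.255"  # lil87's range from the thread
    for ip in ("71.120.5.1", "71.120.100.1", "71.120.20.7"):
        print(ip, "numeric:", numeric_in_range(ip, lo, hi), "lexical:", lexical_in_range(ip, lo, hi))
    print("third octets judged differently:", lexical_errors("71.120", lo, hi))
```

For this range the string comparison misses 71.120.4-9.x (a single digit sorts after "31") and wrongly admits 71.120.100-255.x, which is the kind of silent gap the poster saw.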

Pfui

12:32 am on Mar 10, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> In addition you should make sure that somewhere in
> the beginning of your rewrites that you have used
>
> "Rewrite on"

Um... This will work a bit better --

RewriteEngine on

: )