Allow access to a single file if from a certain country

         

JamesTrix

12:11 am on Dec 22, 2008 (gmt 0)

10+ Year Member



I would like to block access to a single file on my webserver and only allow people access to it that are from my country.

At the moment I am a bit stuck on how best to do this as it is not a php or html file.

I looked at [blockacountry.com...] and was able to get access to a list of the IP addresses for my country, and wanted to see if it could be done in the .htaccess file

IF IP in this list then allow

else redirect to sorry.php

Is that possible to do, or is there a better way?

Any help or ideas you can give me would be great.

jdMorgan

1:24 am on Dec 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If IP address is not in list of IP addresses from my country:
If REMOTE_ADDR !^172\.0\.0\.1$
If REMOTE_ADDR !^192\.168\.10\.
If REMOTE_ADDR !^192\.168\.
If REMOTE_ADDR !^(10\.0\.0\.¦10\.0\.30\.)
Then rewrite restricted.filetype to sorry.php

Now all that remains is to code that using RewriteConds and a RewriteRule, as required.

Note that the first REMOTE_ADDR check looks at the entire IP address, and thus matches only a single address. The second only looks at the first three octets, and so matches 256 addresses. The third looks at only the first two octets, and so matches 65,536 addresses. The fourth line shows how to combine listed IP addresses and ranges in a single line for efficiency (at the cost of readability) using the local "OR" token "¦".

Note that the broken pipe characters must be replaced with solid pipe characters before use in mod_rewrite; Posting on this forum modifies the pipe characters.

Jim

JamesTrix

2:00 am on Dec 22, 2008 (gmt 0)

10+ Year Member



Thanks Jim

The current list I have is in this format showing the ranges

58.6.0.0/17
58.6.128.0/17
58.7.0.0/16

I am not sure how to adapt it to your examples

wilderness

3:45 am on Dec 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



58.6.0.0/17
58.6.128.0/17
58.7.0.0/16

58.6.0.0 - 58.6.127.255
58.6.128.0 - 58.6.255.255
58.7.0.0 - 58.7.255.255

jdMorgan

4:11 am on Dec 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Optionally, use mod_access in a <Files> container:

Order Deny,Allow
#
<Files restricted.filetype>
Deny from all
Allow from 58.6.0.0/17 58.6.128.0/17 58.7.0.0/16
</Files>

Two drawbacks: First, you may use only one "Order" directive in any given .htaccess file. Second, the Deny is based only on the filename -- not the URL, and not the filepath, just the filename. So, if this code is placed in your Web root directory, it will deny access to any file with that given name, anywhere in your server filespace. Therefore, it is recommended to put this code in an .htaccess file in the same directory as the file to be controlled, where the deny will apply only to that file and same-named files in subdirectories below the .htaccess file location.

Jim

JamesTrix

6:37 am on Dec 22, 2008 (gmt 0)

10+ Year Member



Thanks Jim and wilderness

Now I am a little bit stuck: mod_access works very well, but I cannot do a redirect and serve another page.

The first method looks better, but it's getting the IP addresses broken back down into their ranges that I have an issue with. If it was just <50 then there would be no issue, but as it's a few 100 it would take ages.

JamesTrix

7:14 am on Dec 22, 2008 (gmt 0)

10+ Year Member



[webmasterworld.com...]

Wanting to do the same thing as me :-)

JamesTrix

7:31 am on Dec 22, 2008 (gmt 0)

10+ Year Member



Ok one step closer :-)

I am now able to get the IP address from a CIDR format to an IP address range format.

58.6.0.0 - 58.6.127.255

Now I just need a method to convert that into the htaccess format?

If REMOTE_ADDR !^(58\.6\.0\.0¦58\.6\.127\.255)

wilderness

7:40 am on Dec 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



58\.6\.([0-9]¦[1-9][0-9]¦1[01][0-9]¦12[0-7])\.

Correction of broken pipe characters required.

#Breakdown explanation
#0-9
58\.6\.([0-9])\.

#10-99
58\.6\.([1-9][0-9])\.

#100-119
58\.6\.(1[01][0-9])\.

#120-7
58\.6\.(12[0-7])\.

#extending the range examples
#100-199
58\.6\.(1[0-9][0-9])\.

#200-255
58\.6\.(2[0-5][0-9])\.

You may break these numbers down even further, should that be required.
Let us assume that you were attempting to include or exclude (depending upon your application)

#The Class C 68 (as an example) within the 1-99 range?
58\.6\.([0-9]¦[1-5][0-9]¦6[0-7]¦69¦[789][0-9])\.

You may apply these methods and adjustments of inclusion/exclusion to any of the Class A, B, C or D ranges.

When applying ranges to the Class D range, you're required to use the "ending character" or "$".

Once again, the forum breaks the pipe character and these require correction.
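An added example, not part of any post in this thread: one way to generate anchored REMOTE_ADDR patterns like those above directly from the CIDR list, so a hand-typed range error cannot silently admit or exclude the wrong block. It goes beyond the single /17 case by handling any IPv4 prefix length and merging adjacent blocks first; the function names are hypothetical, `restricted.filetype` and `sorry.php` are the thread's placeholders, and solid pipe characters are used.

```python
import ipaddress
import re

def octet_alternatives(lo, hi):
    """Regex alternatives that together match each decimal integer lo..hi (0-255)."""
    stops = {hi}
    n = 1
    while lo <= (s := lo - lo % 10**n + 10**n - 1) <= hi:     # lo with n trailing 9s
        stops.add(s)
        n += 1
    n = 1
    while lo < (s := (hi + 1) - (hi + 1) % 10**n - 1) <= hi:  # just below a round number
        stops.add(s)
        n += 1
    parts, start = [], lo
    for stop in sorted(stops):             # each start..stop pair has equal digit count
        pat = ""
        for a, b in zip(str(start), str(stop)):
            if a == b:
                pat += a
            else:
                pat += f"[{a}{b}]" if int(b) - int(a) == 1 else f"[{a}-{b}]"
        parts.append(pat)
        start = stop + 1
    return parts

def cidr_to_pattern(cidr):
    """Anchored REMOTE_ADDR regex matching exactly the addresses in an IPv4 CIDR block."""
    net = ipaddress.IPv4Network(cidr)      # raises ValueError if host bits are set
    first = str(net.network_address).split(".")
    last = str(net.broadcast_address).split(".")
    full, rem = divmod(net.prefixlen, 8)
    pat = "^" + "".join(o + r"\." for o in first[:full])
    if full == 4:                          # /32: one address, anchor the end
        return pat[:-2] + "$"
    if rem:                                # block boundary falls inside this octet
        alts = octet_alternatives(int(first[full]), int(last[full]))
        pat += alts[0] if len(alts) == 1 else "(" + "|".join(alts) + ")"
        pat += "$" if full == 3 else r"\."
    return pat

def htaccess_rules(cidrs, filename="restricted.filetype", target="/sorry.php"):
    """RewriteConds are ANDed: the rule fires only if the client is in none of the blocks."""
    merged = ipaddress.collapse_addresses(ipaddress.IPv4Network(c) for c in cidrs)
    lines = ["RewriteEngine On"]
    lines += [f"RewriteCond %{{REMOTE_ADDR}} !{cidr_to_pattern(str(n))}" for n in merged]
    lines.append(f"RewriteRule ^{re.escape(filename)}$ {target} [L]")
    return "\n".join(lines)

if __name__ == "__main__":
    print(htaccess_rules(["58.6.0.0/17", "58.6.128.0/17", "58.7.0.0/16"]))
```

For the three blocks posted earlier in the thread, the merge step reduces the output to a single condition, because together they form 58.6.0.0/15.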

JamesTrix

9:22 am on Dec 22, 2008 (gmt 0)

10+ Year Member



Crap now I am really stuck on how to convert
58.6.0.0 - 58.6.127.255 to the required format.

JamesTrix

12:39 pm on Dec 22, 2008 (gmt 0)

10+ Year Member



Here is an example of the data. I know that I can shrink the data using your above examples, but I am just not sure how to clean the data and apply your rules.

[pastebin.com...]

wilderness

3:18 pm on Dec 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Crap now I am really stuck on how to convert
58.6.0.0 - 58.6.127.255 to the required format.

I supplied the correct data on the first line of my previous reply.

The remaining numbers were supplied merely as examples so that you MIGHT grasp the concept for future use.

wilderness

3:22 pm on Dec 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Here is an example of the data. I know that I can shrink the data using your above examples, but I am just not sure how to clean the data and apply your rules.

You're not going to find anybody (person) (nor a converter tool) to convert all those lines to Rewrite in this forum or any other forum and then hand you the work on a plate.

Rather, you use the group examples that I provided (vague as they may seem) and begin the work.

jdMorgan

3:33 pm on Dec 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Wondering if I should have bothered posting the alternative solution using CIDR notations above...

Jim

wilderness

4:00 pm on Dec 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Jim,
My sincere apologies.
I was just attempting to allow you to move on to other issues.

It was apparent to me that the initial inquiry didn't have the basic understanding of either "deny from" or "Rewrite".

I suppose, rather than providing the explanation that I did, all those beginner links I've accumulated would have been more appropriate.
However, you and I have previously discussed the "disappearing links" issues.

Again, my apologies.

Don

JamesTrix

11:46 pm on Dec 22, 2008 (gmt 0)

10+ Year Member



Don, I am sorry; when I had posted that, your full examples for some strange reason did not show up....

I have read your examples and understand and do grasp the concept. I was up to 2am reading and then another hour thinking how best to tackle this. Jim, I saw a good post by you back in 2003 on the same issue that was also very handy.

I did find a method to convert ranges to a rewrite rule, so that's not an issue now, and I was not expecting to be spoon-fed 6k worth of rewrite rules.

What will be hard is condensing the rules, as many a time you might have 2 or more rules that can be combined into one.

One idea I had was to convert the ranges back to IP addresses and then rebuild the ranges?

Jim,
The CIDR method works well but can only be used to either allow or deny. Now this will generate a 403 error. I could set up a custom 403 error page, but I had read somewhere that sometimes when a 403 error is created the connection to the server is just dropped and the user is not redirected to the custom 403 error.

I tend to use my forum posts as an online notepad. I am sorry if it sometimes comes off as wanting to be spoon-fed; it's more to be pointed in the right direction or to get ideas from others on how best to attack this.

<---- my internal thought process
So my thoughts are that having 6k worth of rewrite rules is bad, as it will just slow the server down. A custom 403 error might work, but some users might not get shown the error.

The rewrite rules I have more control over, but they will need some thought on how to condense them. No matter what method I use, I need to work out a method to update this list, as ranges will always get added.
end brain dump------>

To resolve the "disappearing links" issue: a nice wiki hosted locally, so users can then combine their examples and methods, so that in 6 months' time when a user bounces in from Google the link is there.

I do appreciate both your time on this issue and not just casting it off to RTFM.

jdMorgan

12:07 am on Dec 23, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No worries on denied users seeing the 403 page. A 403 response is *not* a redirect, it is the server serving an alternate page in response to the denied request. When in doubt, test. :)

Jim

JamesTrix

12:25 am on Dec 23, 2008 (gmt 0)

10+ Year Member



Hi Jim, sorry for the bad term of a 403. Are there any rules on what type of document a 403 can be? In most cases a 403 would be an HTML or PHP file. Would I be breaking 1001 RFCs if I served a PDF file?

What did you think about extrapolating the ranges and rebuilding them? I am sure no matter what I do there will be a certain extra load on the server. If I could do this in the PHP or at geomod level I would, so I will try and run some tests with a few different browsers.

wilderness

3:07 pm on Dec 23, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I did find a method to convert ranges to a rewrite rule, so that's not an issue now, and I was not expecting to be spoon-fed 6k worth of rewrite rules.

What will be hard is condensing the rules, as many a time you might have 2 or more rules that can be combined into one.

One idea I had was to convert the ranges back to IP addresses and then rebuild the ranges?

Not sure what "method to convert" you're referring to; however, relying on another or a calculator to convert and apply ranges in syntax to an active website is a BAD idea.

It's difficult enough to locate a syntax error (500 taking down your server to all access) when you have created the lines yourself and grasp their intentions (many use remarks).

However. . . . imagine sifting through a couple of thousand lines of syntax that was created by another and which you are without understanding of!

As to combining the lines?
You crunch the numbers first and then create the rewrites; however, even with this method, there will be some lines that will support combining (even though they may not be perceived by a beginner).

BTW, the 58 Class A you used?
Was that just an "example" or are you focused upon the Oceanic countries?

jdMorgan

4:18 pm on Dec 23, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The page must be HTML, whether static or created using PHP or some other script. If you've got to have the visitor read a PDF file for some reason, then link to it from the HTML 403 error document.

Good rule of thumb: Don't mess with HTTP error handling -- Keep it simple and fully-comply with the RFCs.

Jim