How to use netmask calculator

Forum Moderators: phranque

Message Too Old, No Replies

How to use netmask calculator

Newby question

CharlieJ

8:36 pm on Jul 15, 2010 (gmt 0)

I am new to .htaccess and want to limit access to a range of urls within a given institution. Example: 123.123.0.0 through 123.155.255.255.

In order to do this I understand that the best way would be to use a netmask calculator to produce the necessary addon /xx
but (using www.subnetmask.info) I am confused what TCPIP Network Address I should plug in: the starting address (123.123.0.0) or the ending address (123.155.255.255).

And, once the /xx is returned, how do I go about using it in the htaccess file?

My basic question, then, is how do I go about using www.subnetmask.info properly? Is there a how-to page somewhere on the web?

Thanks,
Ch

jdMorgan

12:52 am on Jul 17, 2010 (gmt 0)

No idea... Netmasks are something I've been doing in my head for many years.

The correct netmask for your example above would be 255.255.0.0. The equivalent CIDR-notation would be /16

Therefore, you could use Apache mod_access and state

 Order Deny,Allow

followed by any one of these, which are equivalent:


Allow from 123.123.0.0/16
Allow from 123.123.0.0/255.255.0.0
Allow from 123.123

Note that the zeros in the netmask correspond to the address bits you don't care about -- the ones that vary within the range to be allowed. Note that the CIDR specifies how many contiguous ones are in the netmask when converted to binary, counting from the left. The last 'Allow' line simply omits the part of the address range that varies within the allowed range.

As stated, all three lines are equivalent as handled by mod_access.

This only gets tough when the range to be allowed (or denied) doesn't start and end on nice octet address boundaries, or when the size of the range exceeds its offset. When that happens, it's often necessary to break up the range into smaller chunks and use multiple Allow/Deny directives.

Jim