
htaccess deny ua EXCEPT from IP range - combo pack?

deny ua except from ip range

didibreakit

3:06 pm on Aug 8, 2011 (gmt 0)

10+ Year Member



Hello,

I'm trying to deny a user agent except for when it comes from a certain ip range.

I've figured out how to deny the ua...
I'm using


RewriteCond %{HTTP_USER_AGENT} ^NSPlayer [NC]
RewriteRule ^.* - [F,L]

but I would like to allow that user agent - ONLY if it comes from a certain IP range.

Do I need to change the mod-rewrite to the deny, allow form?

Would it be something like this?


SetEnvIfNoCase User-Agent ^NSPlayer BAD_BOT
Order Deny,Allow
Deny from env=BAD_BOT
Allow from 123.45.67/15

Any suggestions - much appreciated

wilderness

4:00 pm on Aug 8, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



# UA contains and comes from IP
RewriteCond %{HTTP_USER_AGENT} NSPlayer [NC]
RewriteCond %{REMOTE_ADDR} ^123\.456\.789\. [OR]
RewriteCond %{REMOTE_ADDR} ^234\.567\.890\.
RewriteRule ^.* - [L]

g1smd

5:18 pm on Aug 8, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Nearly! Use [F] instead of [L] to block access.

didibreakit

8:13 pm on Aug 8, 2011 (gmt 0)

10+ Year Member



Thanks wilderness and g1smd.

I keep my other block in place right? Then just add this and there won't be any conflict?

And g1smd... if I add the "F" - will that block the UA completely instead of allowing it IF it comes from a particular IP?

wilderness

10:30 pm on Aug 8, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



# Both UA contains except from IP
RewriteCond %{HTTP_USER_AGENT} NSPlayer [NC]
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\. [OR]
RewriteCond %{REMOTE_ADDR} !^234\.567\.890\.
RewriteRule ^.* - [F]

lucy24

11:13 pm on Aug 8, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



RewriteCond %{REMOTE_ADDR} !^123\.456\.789\. [OR]
RewriteCond %{REMOTE_ADDR} !^234\.567\.890\.


REMOTE_ADDR is not Address 1 OR is not Address 2?

lucy24

1:08 am on Aug 9, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Whoops, waited too long before finishing the thought.

if I add the "F" - will that block the UA completely instead of allowing it IF it comes from a particular IP?

You can string together as many RewriteConds as you like. By default, they are connected with AND. Structurally what you're doing is

IF user-agent is such-and-such (one RewriteCond)
AND
visitor's IP is NOT such-and-such (another RewriteCond, expressed with leading ! )
THEN
apply the RewriteRule

This goes for any RewriteRule preceded by two or more conditions, regardless of what you have or don't have in the final brackets.

wilderness

1:13 am on Aug 9, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You can string together as many RewriteConds as you like. By default, they are connected with AND.


Word of caution!

Just because it's possible, doesn't always mean it's practical.

Six months, one year or five years from now, you may not be able to determine exactly what you were attempting to accomplish by stringing-all-those-conditions-together.

g1smd

7:27 am on Aug 9, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Indeed, so always make the first line of each chunk of code a plain language comment describing what the next few lines actually do.

didibreakit

5:34 pm on Aug 9, 2011 (gmt 0)

10+ Year Member



ahhhhhhh the exclamation point.
ok.
thank you all.

lucy24

8:51 pm on Aug 9, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Follow-up: Took a quick look at my own htaccess (which is firmly in "Do as I say, not as I do" territory) for occurrences of more-than-two conditions. Yup, everything annotated. They fall into two groups:

a series of [OR], meaning that anything that meets any one of this list of conditions-- generally identified by the same %{blahblah} such as IP or referer-- gets the same treatment

a series of ! (with default AND) meaning that anything not meeting any of these possible conditions, et cetera

In each case you're dividing the incoming requests into two groups, Good Guys and Bad Guys. The [OR] version means there are just a few discrete Bad Guys. The ! [AND] version means that you're assumed to be a Bad Guy unless you belong to one of the excluded groups.
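
Added example, not part of the thread: a small Python model of how mod_rewrite joins RewriteCond lines (default AND, [OR] runs satisfied by their first match), run against the two ways of combining the negated IP conditions discussed above. The RFC 5737 documentation addresses, the sample requests and the function names are constructed for illustration.

```python
import re

def rule_fires(conds, env):
    """Walk a RewriteCond chain as mod_rewrite does: implicit AND between
    conditions, and a run joined by [OR] is satisfied by its first match."""
    i = 0
    while i < len(conds):
        var, pattern, or_next = conds[i]
        negate = pattern.startswith("!")
        regex = pattern[1:] if negate else pattern
        # Every pattern is matched case-insensitively here (the thread's UA test uses [NC]).
        matched = bool(re.search(regex, env[var], re.I)) != negate
        if or_next and matched:
            while i < len(conds) and conds[i][2]:
                i += 1          # skip the remaining [OR] members ...
            i += 1              # ... and the condition that closes the group
            continue
        if not or_next and not matched:
            return False        # an ANDed condition failed: rule does not apply
        i += 1
    return True                 # every group held: RewriteRule - [F] answers 403

# Constructed stand-ins for the thread's placeholder ranges (RFC 5737 addresses).
UA = ("HTTP_USER_AGENT", "NSPlayer", False)
OR_FORM = [UA, ("REMOTE_ADDR", r"!^192\.0\.2\.", True),      # negated, joined by [OR]
               ("REMOTE_ADDR", r"!^198\.51\.100\.", False)]
AND_FORM = [UA, ("REMOTE_ADDR", r"!^192\.0\.2\.", False),    # negated, default AND
                ("REMOTE_ADDR", r"!^198\.51\.100\.", False)]

# Constructed sample requests: (label, User-Agent, client IP)
REQUESTS = [
    ("player, allowed range 1", "NSPlayer/12.0", "192.0.2.10"),
    ("player, allowed range 2", "nsplayer/9.0", "198.51.100.7"),
    ("player, other address", "NSPlayer/12.0", "203.0.113.5"),
    ("browser, other address", "Mozilla/5.0", "203.0.113.5"),
]

def blocked(conds):
    """Return the labels of the sample requests that would receive 403."""
    return [label for label, ua, ip in REQUESTS
            if rule_fires(conds, {"HTTP_USER_AGENT": ua, "REMOTE_ADDR": ip})]

if __name__ == "__main__":
    print("[OR] between negated ranges:", blocked(OR_FORM))
    print("default AND between them:   ", blocked(AND_FORM))
```

With [OR] between the two negated ranges, an address can never be inside both ranges at once, so one of the conditions always holds and every NSPlayer request is refused; with the default AND, only NSPlayer requests from outside both ranges are refused.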