Deny allow from IPRange

Forum Moderators: phranque

Message Too Old, No Replies

Deny allow from IPRange

How to

Dapuzz

8:51 pm on Feb 13, 2005 (gmt 0)

I need something like this:


<Directory "/www/lanonly/">
Order Deny,Allow
Deny from all
Allow from 192.168.0.1/192.168.0.255
</Directory>

In this example i let enter in my website only lan users.
I want to let enter only people who have a french ip (using ip-to-country database) but i have too many range, and I get a 500 error.
it's possible to do a similar thing?
Thank you

hakre

9:26 pm on Feb 13, 2005 (gmt 0)

Allow from 192.168.0

incrediBILL

9:59 pm on Feb 13, 2005 (gmt 0)

I thought you had to add a /24 on the end like:

Allow from 192.168.0.0/24

or it that only in IPTABLES and the like?

Dapuzz

10:15 pm on Feb 13, 2005 (gmt 0)

192.168 was only an example.

i need allow from
62.*.32.0/62.*.63.255 62.**.1.0/62.**.255.255
<snip> a very long list of specific ip addresses </snip>

but there are TOO many range, i get a 500 Error and all range are correctly wellformatted.

[edited by: jdMorgan at 3:29 am (utc) on Feb. 14, 2005]
[edit reason] Removed specifics. Please see TOS. [/edit]

jdMorgan

3:38 am on Feb 14, 2005 (gmt 0)

The syntax/formatting does not look correct to me.

You may specify a single address, such as 62.**.123.45

Or you may specify a partial address prefix like 62.**.123
Or you may specify a base address and a netmask 62.**.123.0/255.255.255.0
Or you may specify a network/CIDR pair like 62.**.123.0/24

The last three options above do the same thing -- they specify the range of 62.**.123.0 through 62.**.123.255.

Your file was formatted such that it would appear to be in the base address/netmask form, but the netmasks were invalid.

Experiment with a much smaller address list until you get it working, then add a few more addresses.

Jim

Dapuzz

8:37 am on Feb 14, 2005 (gmt 0)

ok, thanks JdMorgan.
Sorry for the specific ip address.