Forum Moderators: open
Is that syntax valid:
Allow from 64.233.173.193/255
does that include 64.233.173.194 to 255?
and this one?
216.239./0/255./0/255
does that cover 216.239.anything?
123.123.123
which would mean 123.123.123.0 - 123.123.123.255
This may or may not work in mod_rewrite directives (I haven't tested it) but I think it should.
In mod, you may use
deny from 64.233.173. (per your example)
deny from 216.239. (per your example)
or the CIDR methods (per your example)
Ex:239.216.0.255/32 (not correct numbers)
for Rewrites (I'm not sure if the CIDR subnet ranges are useable or not)
The rewrite for does that include 64.233.173.194 to 255?
would be 64\.233\.173\.(19[4-9]¦2[0-5][0-9])$ [OR]
(please note the forum changes the pipe character to broken lines and requires correction prior to use.)
The are many examples of these rewrite methods in "Close to Perfect Htaccess" threads and "A simple beginning" as well.
Allow from 64.233.173.193/255
does that include 64.233.173.194 to 255?
This is not correct for either CIDR or Netmask notation.
The base address is probably incorrect, since 194 is not a power of two (it's likely that 192 is the correct base address).
Correct CIDR notation for 64.233.173.192 to 255 would be:
Allow from 63.233.173.192/26
or alternately, using netmask notation:
Allow from 63.233.173.192/255.255.255.192
Note that the CIDR notation specifies the number of ones, counted from the most-significant bit of the IP address expressed as a binary number, down to the least significant bit that "matters" in limiting the range.
Similarly, the Netmask is a direct representation of that string of ones, starting at the most-significant digit. In other words, in the Netmask 192, there are 26 ones starting at the left end of the binary number and counting down.
"Base" address of range 63.233.173.192 octets convert to binary, periods retained for clarity only:
00111111.11101001.10101101.11000000
"Top address of range "63.233.173.255 octets convert to binary, periods retained for clarity only:
00111111.11101001.10101101.11111111
Identify the bits that can change while remaining within this range; In a mask, these are called "don't care" bits and can be identified by using a Boolean "Exclusive OR" operation:
00111111.11101001.10101101.11000000 base address
XOR
00111111.11101001.10101101.11111111 top
result
00000000.00000000.00000000.00111111 These resulting ones are the "Don't care" bits
Invert this result (use the Boolean "NOT" operator) to get the Netmask (swap all ones and zeroes)
11111111.11111111.11111111.11000000 This is the netmask in binary.
Count the ones in the Netmask to get the CIDR, in this case, 26.
Convert back to decimal octet representation to get the netmask:
255.255.255.192
Mote that the string of ones in the Netmask must be contiguous from the most-significant bit down to the last "1" in the string. That is, if the string of ones in the Netmask is broken by any zeroes "at the left or in the middle" then this indicates that the range cannot be defined using a single netmask or CIDR -- You must identify the two or more sub-ranges and calculate the netmask and or CIDR for each them. This will happen if the number of addresses within the desired range is not an exact power of two, e.g. 1, 2, 4, 8, 16, 32, 64, 128, or 256.
If the originally-posted 64.233.173.194 to 255 address range was correct, then it would take a rather big stack of Allows with address sub-ranges to cover it. Alternately, one Allow and one Deny could be used to achieve the desired result as long as you're using "Order Allow,Deny".
CIDR:
Allow from 63.233.173.192/26
Deny from 63.233.173.192/31
or alternately, using Netmask:
Allow from 63.233.173.192/255.255.255.192
Deny from 63.233.173.192/255.255.255.254
All in all, it's much easier to use a Netmask/CIDR calculator to do this, and these are fairly easy to find on the Web... :)
Jim
