I think you'll need to change that hyphen to an underscore there (

Remote_Addr

):
[httpd.apache.org...]

Also, don't forget to include the access control code.

<Files *>
order allow,deny
allow from all
deny from env=keep_out
</Files>

coopster,
the BrowserMatchDirective on the Apache page link you've provide gives an example of the following:

BrowserMatch "^Mozilla/[2-3]" tables agif frames

which provides the hyphen (same as regex in Rewrite) rather than an underscore.

I searched the other Apache pages both before and after your reply and there are examples of letter ranges defined as:

[a-z]

Were the underscore applicable, it would be used there as well.

Many thanks for you input.

Key_Master,
Have all that, and just omitted it in my inquiry.
Many thanks.

These non-functioning lines have something to do with being incomplete, perhaps I'll need to define the sub-class 0-255 ranges.

There are many, many examples across the web of single IP's defined through the Class D, however no examples or explanation of variable range IP's
EX (how would it hiccup on something like this) if the simple 90-95 doesn't function):

^81\.235\.([0-9]|1-3][0-9]|4[0-7]|49|[5-9][0-9]|1[0-9][0-9]|2[0-5][0-9])\. keep_out

I was hoping I'd get lucky and locate somebody actually using the line.

The underscore is applicable for attribute Remote_Addr (not Remote-Addr).

Your regex is fine and should work but...

SetEnvIf Remote_Addr ^81\.235\.((^48)+)\. keep_out

is faster and uses less code.

Many thanks Key_Master and coopster.

I had not even noticed that.

I'm wondering why such an error would NOT generate a 500 and take down the whole site!

KeyMaster,
Could you expand on this?

((^48)+)

NOT 48 I understand, one or more time I don't (at least in this instance.

In searching the web, I stumbled across some unusual applications of SetEnvIf that I was not aware of previously.
Couldn't explore them, however until I solved this.

Many thanks again to both of you.

Don

If the attribute doesn't match any of the special keywords or any of the request's header field names, it is tested to see whether it matches the name of an environment variable in the list of those associated with the request.

[apacheref.com...]

This is why it doesn't generate a 500 error. You have to love how powerful Apache is.

It's matching something that doesn't include 48. Since it's an IP, we know it can't be an empty field so we use the plus sign to match one or more characters at a time until it hits the escaped period.

I don't know how far back in Apache versions this type of pattern matching can be done. I just posted it because it does work in later versions and it is a nifty trick to know.

I found an example of NOT on another website (I'd have to look up each character translate individually:

^((?!10\.).+)

This 2002 thread [webmasterworld.com] provides and example of using redirect/Rewrite in conjunction with SetEnvIf, whether it works with the newer versions of Apache is unknown:

setenvif REMOTE_ADDR 192.12.131.1 REDIR="redir"
setenvif REMOTE_ADDR 192.12.131.2 REDIR="redir"
setenvif REMOTE_ADDR 192.12.131.4 REDIR="redir"
setenvif REMOTE_ADDR 192.12.131.7 REDIR="redir"
setenvif REMOTE_ADDR "^192\.12\.132\." REDIR="redir" # redirects 192.12.132.0 - 255
RewriteCond %{REDIR} redir
RewriteRule .* /page.html

^((?!10\.).+) doesn't work but ((?!10).+)\. does (at least for digits in the middle of the IP).

Here's another, simpler way:

SetEnvIf Remote_Addr ^81\.235\.([^4]8|4[^8])\. keep_out


The redir code will work also.

coopster,
the BrowserMatchDirective on the Apache page link you've provide ...

Grrr! The redirection software running the WebmasterWorld forum truncates the fragment identifier. Sorry about the confusion and thanks Key_Master for clarifying.

And spot on regarding the "No 500 error" issue. Since Apache doesn't find any attribute with the misspelled 'Remote-Addr' name it won't set your environment variable,

keep_out

.

((^48)+)

This actually says to match anything that begins with ^, followed by the number 4, followed by the number 8, followed by at least one more pattern of ^ followed by 4 followed by 8:

^48^48^48 true 
^48^48     true 
^48      false

The circumflex (

^

) in a regular expression asserts start of string (or line, in multiline mode), but only when it is the first character. Otherwise it is viewed as a literal circumflex character. Exception to that rule is when it is used as part of a pattern that is in square brackets which is called a "character class". Within a character class the circumflex negates the class but only if it is the first character. Take the following character classes as an example:

[aeiou] matches any lower case vowel 
[^aeiou]  matches any character that is not a lower case vowel

I made that mistake myself when I first started learning regular expressions. You think that [^cat] will match anything that is not "cat" whereas it actually matches anything that is not a "c" or not an "a" or not a "t" at that particular place of the pattern.