restrict access to range of IP's

Forum Moderators: phranque

Message Too Old, No Replies

restrict access to range of IP's

damiangarel

4:05 pm on Jul 8, 2003 (gmt 0)

I have a list of IP's which should have forbiden access to my domain. List looks like this:

list-IP-numbers.txt
//start list

1023934464;1023942655
1023959040;1023967231
1024032768;1024065535
1027866624;1027997695

//end of list

or another one like this:

list-IP-addresses.txt
//start list

128.184.0.0;128.185.0.0
128.250.0.0;128.251.0.0
129.0.0.0;132.235.0.0
129.0.0.0;132.255.255.255
134.0.0.0;144.219.0.0
134.0.0.0;144.255.255.255

//end of list

NOw what I wanna do is; Restrict access to all IP ranges in the list with mod_rewrite. All requests from these IP+s should point to "mydomain/somedirectory/page.php", but in the browser they should see regular URL. But I do not understand very well how to doit with RewriteMod command. Should I use this command or is there any other way to do this?

Please help with some suggestions.

damiangarel

4:07 pm on Jul 8, 2003 (gmt 0)

I fogot to tell that this list is very large, so I think I have to use RewriteMod command!? or?

jdMorgan

6:05 pm on Jul 8, 2003 (gmt 0)

damiangarel,

Welcome to WebmasterWorld [webmasterworld.com]!

You will need to convert those IP numbers to decimal octets before you can write mod_rewrite rules to block them. i.e. 1023934464 (decimal) -> 3d 08 00 00 (hexadecimal) -> 61.8.0.0 (decimal in octet [8-bit groups] format)

You can use RewriteMap if you desire, but it is not required.

HTH,
Jim

jdMorgan

6:49 pm on Jul 8, 2003 (gmt 0)

damiangarel,

Here are a few examples to get you started on the list that is already in octet format:

For these ranges
128.184.0.0;128.185.0.0
128.250.0.0;128.251.0.0
129.0.0.0;132.235.0.0

you can use


RewriteCond %{REMOTE_ADDRESS} ^128\.18[45]\. [OR]
RewriteCond %{REMOTE_ADDRESS} ^128\.25[01]\. [OR]
RewriteCond %{REMOTE_ADDRESS} ^129�13[01]\. [OR]
RewriteCond %{REMOTE_ADDRESS} ^132\.([0-9]�[1-9][0-9]�1[0-9]{2}�2[0-2][0-9]�23[0-5])\.
RewriteRule .* - [F]

Note that the last two rules are needed to handle the third range listed above. This is just one of several ways to do it, but the one I find easiest to read and write.

mod_rewrite does a character-by-character (text) compare, not a numerical compare; Thus, for example, each range of 0-9, 10-99, 100-199, 200-249, and 250-255 need to have a different pattern specified. Any part of the pattern which is not specified means "don't care" so ^128\.110\. is used to match 128.110.0.0 through 128.110.255.255.

Ref: Introduction to mod_rewrite [webmasterworld.com]

Note that you will have to replace the broken pipe "¦" characters with the solid pipe character from your keyboard.

HTH,
Jim

damiangarel

10:17 am on Jul 9, 2003 (gmt 0)

Thanks for this, but I already knew that. I see that I will have to use rewritemod somehow.
In the list of IP ranges are more than 1000 IP ranges and if I write the code for every range I'll go mad.
Is there any simple command to call all these ranges in one attempt?

jdMorgan

4:05 pm on Jul 9, 2003 (gmt 0)

damiangarel,

I've never heard of a RewriteMod command - I believe you mean either Apache module mod_rewrite [httpd.apache.org] or the RewriteMap [httpd.apache.org] directive within mod_rewrite.

You could use RewriteMap with maptype=prg to call a script to convert the file formats as needed and perform the rewriting function. I've never done it myself, so I can't help any more than that.

Jim