Redirect a range of IPs using RewriteCond

Posted 2020-02-03 10:18

Currently I am redirecting all users except for the IP 12.345.678.90 using:

RewriteEngine On
RewriteCond %{REQUEST_URI} !/maintenance$
RewriteCond %{REMOTE_HOST} !^12\.345\.678\.90
RewriteRule $ /maintenance [R=302,L]

What syntax would I use to allow a range? In my Allow list I have:

Allow from 123.45.678.90/28

Would it work if I just update the REMOTE_HOST line to:

RewriteCond %{REMOTE_HOST} !^12\.345\.678\.90/28

5 answers
兄弟一词,经得起流年.
#2 · 2020-02-03 10:43

I like to use the following, which allows partial address matching. In your VirtualHost/.htaccess file:

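# Flag requests for the site being worked on
SetEnvIf HOST "siteYouAreworkingON.com" ACCESS_CONTROL
# The variable argument was missing here; clearing the flag for listed addresses fits the RewriteCond below
SetEnvIf Remote_Addr "list of full or partial IP addresses separated by |" !ACCESS_CONTROL
# Redirect every request that still carries the flag
RewriteCond %{ENV:ACCESS_CONTROL} 1
RewriteRule .* http://gohere.instead [L,R]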

Hope it helps.

放荡不羁爱自由
#3 · 2020-02-03 10:49

You probably want the %{REMOTE_ADDR} to match against, but you can't use CIDR notation as the %{REMOTE_ADDR} is literally the remote address and you can use a regular expression to try to match against it. So for 123.45.67.89/28, (123.45.67.80 - 123.45.67.95), you'd have to do something like this:

RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.8[0-9]$
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.9[0-5]$
疯言疯语
#4 · 2020-02-03 10:51

Although this is an old question, I find it still very relevant. An alternative that does allow CIDR notation is the following (example is in a virtualhost apache conf file):

<VirtualHost *:80>
    .
    .
    .
    <Files maintenance>
        Require all denied
        Require ip 12.345.678.90/28
    </Files>
    .
    .
    .
</VirtualHost>

As a sidenote, I suspect, without having done any testing or finding any evidence, that this method is "faster" than the RewriteCond expr "-R '192.168.1.0/24'" methods mentioned.

This is for the simple reason that at this high level there appear to be fewer computational steps involved.

N.B. a requester from an IP that is denied will see a "Permission denied" or "Forbidden" type response. You can make this prettier by adding in a custom 404 page that responds with a 200/OK (this way Google won't penalise your domain). The 200/OK has to be the first line of your custom 404 page. For example in PHP, the first line would read:

<?php header("Status: 200 OK"); ?>

You'd want to do this for a legit page you redirect to. Actual 404s should respond with 404 to keep us from ending up with a ton of useless search engine results down the road.

乱世女痞
#5 · 2020-02-03 10:59

If you're using Apache HTTPD 2.4 or later, you can use expressions to match REMOTE_ADDR against a CIDR mask.

The short form looks like this:

RewriteCond expr "-R '192.168.1.0/24'"

The following longer form is also available, but the documentation suggests it is less efficient:

RewriteCond expr "%{REMOTE_ADDR} -ipmatch '192.168.1.0/24'"

That makes the full solution to your example something like this:

RewriteEngine On
RewriteCond %{REQUEST_URI} !/maintenance$
RewriteCond expr "! -R '12.345.678.90/28'"
RewriteRule $ /maintenance [R=302,L]
看我几分像从前
#6 · 2020-02-03 11:04

Try this in .htaccess. It's working.

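# [0-255] is a character class (one of 0, 1, 2, 5), so the last octet is matched explicitly instead
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.[0-9]{1,3}$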
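An added example, not from any of the answers above: a Python check that compares a regex allow-list with the CIDR block it is meant to cover, run on the two-line /28 patterns from the REMOTE_ADDR answer and on a constructed pattern that writes a character class as if it were a numeric range. The function name, the constant names and the /24 test universe are assumptions of this example.

```python
import ipaddress
import re

def allowlist_diff(cidr, patterns, universe):
    """Compare a regex allow-list with a CIDR block over every address in universe.

    Returns (missed, extra): addresses inside the block that no pattern matches,
    and addresses outside the block that some pattern matches.
    """
    block = ipaddress.ip_network(cidr, strict=False)  # host bits allowed, as in .89/28
    compiled = [re.compile(p) for p in patterns]
    missed, extra = [], []
    for addr in ipaddress.ip_network(universe):
        text = str(addr)
        # mod_rewrite patterns are unanchored searches unless they use ^ and $
        allowed = any(rx.search(text) for rx in compiled)
        if addr in block and not allowed:
            missed.append(text)
        elif addr not in block and allowed:
            extra.append(text)
    return missed, extra

# Patterns from the REMOTE_ADDR answer, without mod_rewrite's leading "!" negation
ANSWER_PATTERNS = [r"^123\.45\.67\.8[0-9]$", r"^123\.45\.67\.9[0-5]$"]
# Constructed pattern: a character class written as if it were a numeric range
CLASS_PATTERN = [r"^123\.45\.67\.[0-255]"]
UNIVERSE = "123.45.67.0/24"  # assumption: testing the surrounding /24 is enough here

if __name__ == "__main__":
    for label, cidr, pats in [
        ("two-line /28 regex", "123.45.67.89/28", ANSWER_PATTERNS),
        ("[0-255] class vs /24", "123.45.67.0/24", CLASS_PATTERN),
    ]:
        missed, extra = allowlist_diff(cidr, pats, UNIVERSE)
        print(f"{label}: {len(missed)} missed, {len(extra)} wrongly allowed")
        if missed:
            print("  first missed:", ", ".join(missed[:3]))
```

Python's `re` module and the PCRE engine behind mod_rewrite treat these simple patterns the same way, so the result carries over to the RewriteCond lines.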