Forbid some IPs from a certain Network on Apache?

Question

I want to redirect all the inside network IPs (and only the inside network "192.168.1.0") to an error page except some IPs, A condition like this:

if ( IP_from_Network = 192.168.1.0 and ((IP != 192.168.1.4) or (IP != 192.168.1.5)
or (IP != 192.168.1.6)) )
{
redirect to an error page
}

so I have trying to achieve this using RewriteEngine:

RewiteEngine On
RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.4$  [NC]
RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.5$  [NC]
RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.6$  [NC]
RewriteCond   %{REMOTE_ADDR}   ^192\.168\.1\.*$  [NC]
RewriteCond   %{REQUEST_URI}   ^/test/manager/.* [NC]
RewriteRule    ^(.*)$           -                 [R=404,L]

but this didn't work for me

Should I use other tags like [OR] or [AND]?

Update:

Directory tag:

<Directory /var/www/html/test>
  Order allow,deny
  Allow from 192.168.1
  RewriteEngine on
  RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.4$  [NC]
  RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.5$  [NC]
  RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.6$  [NC]
  RewriteCond   %{REMOTE_ADDR}   ^192\.168\.1\.*$  [NC]
  RewriteCond   %{REQUEST_URI}   ^/test/manager/.* [NC]
  RewriteRule   ^(.*)$           -                 [R=404,L]
</Directory>

You say in a comment to an answer that you "want to achieve what [you] want using RewriteEngine". Why does it have to be done through mod_rewrite? — user, Aug 07 '14 at 08:56
@MichaelKjörling, long story but I use `allow from 192.168.1` because I want every body to reach test directory but in the case of manager directory I want forbid all IPs exept some see question updates. — Nidal, Aug 07 '14 at 09:07
Probably better asked on S.O. or [ServerFault](http://serverfault.com/). — goldilocks, Aug 07 '14 at 09:28
I saw now that you are using `^192\.168\.1\.*$`. Is that intentional? I would expect that to match REMOTE_ADDR values like `192.168.1`, `192.168.1.` and `192.168.1.......`, not `192.168.1.123`. Have you tried `^192\.168\.1\..*$`? (Not perfect, but likely better.) Not too familiar with mod_rewrite and not sure this is your problem so not a full answer yet. Ping me with whether that works and if it does I'll type up a fuller answer. — user, Aug 07 '14 at 09:52
@MichaelKjörling, Thanks for your answer but it still didn't work Idon't think that this is a regex problem I guess this is a conditional problem (AND, OR). — Nidal, Aug 07 '14 at 10:01

score 1 · Accepted Answer · answered Aug 07 '14 at 08:25

1

Use Allow/Deny instead:

<Location /test/manager/>
  Order Deny,Allow
  Deny from  192.168.1.0/24
  Allow from 192.168.1.4 192.168.1.5 192.168.1.6
</Location>

Notice that this allows also any other IP, which I think is not what you want. If so, swap the Order and remove the Deny line:

<Location /test/manager/>
  Order Allow,Deny
  Allow from 192.168.1.4 192.168.1.5 192.168.1.6
</Location>

answered Aug 07 '14 at 08:25

Marcos Dione

526
3
5

Thanks for your answer, I know about Allow/Deny, But I want to achieve what I want using `RewriteEngine` – Nidal Aug 07 '14 at 08:37

Forbid some IPs from a certain Network on Apache?

1 Answers1