1

I would like to use SetEnvIf to block directory access to specific ip addresses.
here is what i came up with.

<Directory /main>
order allow,deny
SetEnvIf Remote_Addr ^(2|5|6)\. banned [OR]
SetEnvIf Remote_Addr ^(7|8|9)\. banned
allow from all
deny from env=banned
</Directory>

the (2|5|6)\. and (7|8|9)\. are wildcarded ip address examples,
I am trying to prevent those ranges from accessing the main directory on my server.
but not sure if the [OR] and the wildcarded ip addresses will work.
Also how can i redirect the banned to http://officeofstrategicinfluence.com/spam/
instead of just denying or blocking them?

sp2014
  • 37
  • 5
  • You don't need the `[OR]`, both rules will happily be applied if they match, nothing will unset a previous match. – Wrikken Feb 10 '14 at 19:03
  • BTW: [this question & answer may be of use to you](http://stackoverflow.com/questions/17852557/use-rewritecond-based-on-environment-variable-in-htaccess) – Wrikken Feb 10 '14 at 19:46

1 Answers1

0

[OR] cannot be used like the way you have used but it can be used as per the regex syntax. Try this code:

<Directory /main>
SetEnvIf Remote_Addr ^(2|5|6|7|8|9)\. banned

order allow,deny
allow from all
deny from env=banned
</Directory>

Also note that <Directory> directive only works in Apache config not in .htaccess

UPDATE: As per comments, you can use this rewrite rule in your root .htaccess:

RewriteEngine On

RewriteCond %{REMOTE_ADDR} ^(2|5|6|7|8|9)\.
RewriteRule ^main(/|$) http://officeofstrategicinfluence.com/spam/ [NC,L,R]
anubhava
  • 761,203
  • 64
  • 569
  • 643
  • is there an alternative to using `` for the `htaccess` ?and is there a way to force a redirect with it instead of just denying? – sp2014 Feb 10 '14 at 19:10
  • i do not think i have access to my http_config file for RewriteMap, just htaccess. also confused how to add the redirect of `http://officeofstrategicinfluence.com/spam/` to your code. – sp2014 Feb 10 '14 at 19:25
  • I didn't even mention `RewriteMap` anywhere in my answer. And clarify what you want to do with `http://officeofstrategicinfluence.com/spam/`? Do you want to redirect `/main/` to this URL? – anubhava Feb 10 '14 at 19:48
  • to clarify what i want to do, for any ip addresses matching `(2|5|6|7|8|9)\.` when they try to go to `/main/ ` they get redirected to `http://officeofstrategicinfluence.com/spam/'. also i checked with host they say the RewriteMap is enabled should it be needed. – sp2014 Feb 10 '14 at 20:16
  • ok the reason i mentioned RewriteMap was because its referenced when i looked up `ipmap:` and was not sure if it was relevant to the code or not. – sp2014 Feb 10 '14 at 20:28
  • That is not needed in your case actually. – anubhava Feb 10 '14 at 20:31
  • could your answer on this post http://stackoverflow.com/questions/15662645/deny-access-from-ips-in-file also be used with my question ? – sp2014 Feb 10 '14 at 20:38
  • What is location of that .htaccess? What was your remote IP? Is mod_rewrite enabled? – anubhava Feb 10 '14 at 20:50
  • its my root htaccess, the mod_rewrite is enabled, i added 24 (which is the 1st part of my ip address) to the `(2|5|6|7|8|9)\.` and nothing happens, i can still view all the stuff in `/main/` might it have something to do with `ipmap` ive never used it before. – sp2014 Feb 10 '14 at 21:11
  • I retested this code and worked fine again so nothing wrong with the rules. – anubhava Feb 10 '14 at 21:32
  • I tried the code by itself, nothing else in the htaccess file and it does nothing on my server. i used " RewriteEngine On RewriteCond %{REMOTE_ADDR} ^(2|5|6|7|8|9|24)\. RewriteRule ^main(/|$) http://officeofstrategicinfluence.com/spam/ [NC,L,R] by itself – sp2014 Feb 10 '14 at 21:45
  • That is only possible if .htaccess isn't enabler OR in wrong place. – anubhava Feb 10 '14 at 21:46
  • ive tried other rules and they all seem to work. something with `RewriteRule ^main(/|$)` does not seem to work for me. – sp2014 Feb 10 '14 at 22:41
  • that works perfect, 1 more thing, using `RewriteCond %{REMOTE_ADDR} ^(2|5|6|7|8|9|24)\. ` if i need a second row, do i need the `[OR]` ? or is it just `RewriteCond %{REMOTE_ADDR} ^(2|5|6|7|8|9|24)\. RewriteCond %{REMOTE_ADDR} ^(2|5|6|7|8|9|24)\. ` – sp2014 Feb 12 '14 at 04:26
  • Actually you need a `[OR]` for another `RewriteCond %{REMOTE_ADDR}` line. – anubhava Feb 12 '14 at 06:54