Apache 2: SetEnvIf "IP Range"

apache-2.2 ip environment-variables

In my Apache config I want to set an environment variable if I see that the visitor comes from an specific IP range. Currently I do it this way:

SetEnvIfNoCase Remote_Addr "^194\.8\.7[45]\." banned=spammer-ip
SetEnvIfNoCase Remote_Addr "^212\.156\.170\." banned=spammer-ip

What I would prefer is something like this:

SetEnvIfIpRange 194.8.74.0/23 banned=spammer-ip
SetEnvIfIpRange 212.156.170.0/24 banned=spammer-ip

... because I think that converting an IP address to a string and then do an regular expression is a total waste of ressources.

I could do an

Deny From 194.8.74.0/23

... but then I don't get a variable that I can check in my 403 error page - to find the reason why access has been denied.

Any suggestions what I might miss? Is there an Apache2 MOD that can set environment variables based on "IP Address Ranges"?


What you've got (SetEnvIfNoCase Remote_Addr "^a.b.c." env_key=env_value) is the best you'll easily do. I've seen this configuration style implemented on a heavily loaded cluster of machines, without any noticeable performance degradation. I agree using regular expressions, when CIDR ranges are more appropriate is annoying. You could write a small program to automatically generate the config from a list of CIDR ranges.

If you're familiar with Perl, you could create a modperl handler, which would allow/deny requests in whichever way you choose. modperl allows your code to run at different points throughout a HTTP request - mod_perl 2.0 HTTP Request Cycle Phases. PerlAuthzHandler would be the appropriate handler to use.

Lockie


You may use CIDR formatting with Apache 2.4 which allows <If>:

<If "%{REMOTE_ADDR} -ipmatch 194.8.74.0/23">
    SetEnv banned = spammer-ip
</If>

be aware that variables set through SetEnv are not visible on some operations (see matrix):

http://www.onlinesmartketer.com/2010/05/27/apache-environment-variables-visibility-with-setenv-setenvif-and-rewriterule-directives/

your solution is

SetEnvIfExpr "-R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" rfc1918

see https://httpd.apache.org/docs/trunk/mod/mod_setenvif.html#SetEnvIfExpr

Related

how do I resolve "user isn't assigned to any management roles" error in Exchange 2010 EMC?
Where should the web server root directory go in linux? [closed]
Services: Is there any real difference between "Manual" and "Disabled"?
Tips to gracefully take over a (UNIX) production server
How to enable color in Vim over SSH? [closed]
How to install package with yum without updating repository information?
Why is my router CPU at 40% when no processes use more than 2%?
Location of Google servers [closed]
Finding relatives of the series $\varphi =\frac{3}{2}+\sum_{k=0}^{\infty}(-1)^{k}\frac{(2k)!}{(k+1)!k!2^{4k+3}}$.
Why is the range of inverse trigonometric functions defined in this way?
Find value of '$t$' at a point on a cubic Bezier curve
Reference Books on Cryptography