Apache 2.4 Require exclude ip range

apache-2.4

Solution 1:

A subtle detail when using the not in a Require directive to negate the match is that it cannot be used by itself to allow or deny a request, as "not true" does not constitute a "false".

Thus, to deny a visit using a negation, the block must have one element that does evaluate as true or false.

To create an IP-address blacklist, rather than a whitelist, you use the following construct:

<RequireAll>
  # Block IP-addresses from 192.168.2.1 and the 193.37.0.0/16 and 10.9.8.0/24 networks 
  Require not ip 192.168.2.1 193.37 10.9.8

  # Allow all other IP's
  Require all granted
</RequireAll>

To allow public access without authenticating but still require auth for localnet you get a an authorisation container like:

<RequireAny>
   # users from the ip-range localnet must be authenticated 
   <RequireAll>
      Require ip "localnet"
      Require valid-user
   </RequireAll>
   # users not from the ip-range localnet are allowed anonymous access
   <RequireAll> 
       Require not ip "localnet"
       Require all granted
   <RequireAll>
</RequireAny>

Related

Cisco ASA Nat 8.4
Create iPXE UEFI bootable image for QEMU/Libvirt with custom next-server and filename
Apache automatically stops each sunday. Why?
Managing and auditing existing Cisco firewall access control and routing rules [closed]
How to redirect an specific url with specific variables in iis
How to make folders ' seen' by PLEX
How do I install the latest ATI Catalyst Video Drivers in Ubuntu 12.10 Quantal?
(update to 14.04) unity is not loading after I login to the admin profile after upgrade [duplicate]
Convert .jar to .deb package
Segmentation fault (core dumped) in nam ubuntu 14.04 [closed]
How do I use aptitude to downgrade/force version of a package?
Ubuntu Server 16.04.02 with Splash Screen and Kiosk mode