Apache 2: SetEnvIf “IP Range”

Tags: apache-2.2, environment-variables, ip

In my Apache config I want to set an environment variable if I see that the visitor comes from a specific IP range. Currently I do it this way:

SetEnvIfNoCase Remote_Addr "^194\.8\.7[45]\." banned=spammer-ip
SetEnvIfNoCase Remote_Addr "^212\.156\.170\." banned=spammer-ip

What I would prefer is something like this:

SetEnvIfIpRange 194.8.74.0/23 banned=spammer-ip
SetEnvIfIpRange 212.156.170.0/24 banned=spammer-ip

… because I think that converting an IP address to a string and then doing a regular expression match is a total waste of resources.

I could do an

Deny From 194.8.74.0/23

… but then I don't get a variable that I can check in my 403 error page – to find the reason why access has been denied.

Any suggestions what I might miss? Is there an Apache2 MOD that can set environment variables based on "IP Address Ranges"?

Best Answer

What you've got (SetEnvIfNoCase Remote_Addr "^a.b.c." env_key=env_value) is the best you'll easily do. I've seen this configuration style implemented on a heavily loaded cluster of machines, without any noticeable performance degradation. I agree that using regular expressions when CIDR ranges are more appropriate is annoying. You could write a small program to automatically generate the config from a list of CIDR ranges.

If you're familiar with Perl, you could create a mod_perl handler, which would allow/deny requests in whichever way you choose. mod_perl allows your code to run at different points throughout an HTTP request (see mod_perl 2.0 HTTP Request Cycle Phases). PerlAuthzHandler would be the appropriate handler to use.

Lockie
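
A sketch of the "small program" suggested in the answer above, added here as an example and not code from the answer's author. It turns IPv4 CIDR ranges into anchored Remote_Addr patterns; the function names are hypothetical, and it emits SetEnvIf rather than SetEnvIfNoCase because case does not matter for digits.

```python
import ipaddress
import re

def cidr_to_regex(cidr):
    """Return an anchored regex matching exactly the dotted-quad addresses in an IPv4 CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)   # ValueError if host bits are set
    if net.version != 4:
        raise ValueError("only IPv4 is handled here: " + cidr)
    octets = net.network_address.packed
    full, rem = divmod(net.prefixlen, 8)
    parts = [str(o) for o in octets[:full]]         # octets fully fixed by the prefix
    if rem:                                         # prefix ends inside an octet
        lo = octets[full]
        hi = lo + (1 << (8 - rem)) - 1
        parts.append("(?:" + "|".join(str(v) for v in range(lo, hi + 1)) + ")")
    if not parts:
        return "^"                                  # /0 matches every address
    body = r"\.".join(parts)
    # End with "$" after four octets, otherwise with a literal dot, so that
    # a pattern for 7 cannot also match 74 or 75.
    return "^" + body + ("$" if len(parts) == 4 else r"\.")

def setenvif_lines(cidrs, assignment):
    """Render one SetEnvIf directive per CIDR range."""
    return ['SetEnvIf Remote_Addr "%s" %s' % (cidr_to_regex(c), assignment)
            for c in cidrs]

def matches(cidr, addr):
    """Self-check helper: does the generated pattern match this address string?"""
    return re.search(cidr_to_regex(cidr), addr) is not None

if __name__ == "__main__":
    # The two ranges from the question.
    for line in setenvif_lines(["194.8.74.0/23", "212.156.170.0/24"],
                               "banned=spammer-ip"):
        print(line)
```

With strict parsing, a range whose host bits are set (for example a /23 starting on an odd third octet) is rejected instead of silently producing a pattern for a different network.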