$HTTP["remoteip"] != “200.19.1.5|210.45.2.7″ {
in incorrect, of course.
You can match only one IP using == or != operator, like this:
$HTTP["remoteip"] != “200.19.1.5″ {

Note, that you must be careful with comparison operators.
If you want to deny access from everywhere except given IPs like in the example:

$HTTP["remoteip"] !~ “200.19.1.5|210.45.2.7″ {

the IPs like 200.19.1.5x (i.e. 200.19.1.51, .52. and so on) FAILS the condition and are allowed access.
!~ and =~ are substring operators. You must either use them with ^ and $, or just use != and ==.

$HTTP["remoteip"] != “200.19.1.5|210.45.2.7″ {
will do exact IP matching.


$HTTP["remoteip"] != "111.111.111.111" { #example ip
$HTTP["url"] =~ "^subdoman.example.com" {
url.access-deny = ( "" )
}
}


instead of “/24″: $HTTP["remoteip"] =~ “127.0.0.1|10.0.0″
instead of “/16″: $HTTP["remoteip"] =~ “127.0.0.1|10.0″

It’s been more than a year since the last reply, but hey, a search led me here.

thanks :)

follow

———————-
$HTTP["remoteip"] !~ “222.33.0.0/16|61.236.0.0/16|61.236.32.0/20|61.237.11.0/24|61.232.162.0/24|61.235.240.0/24|221.200.0.0/16|211.98.81.0/24|220.201.62.93″ {
url.access-deny = (“”)
}
———————-

why 222.33.36.58 can’t access wesite ?

Noop, it is not possible to specify range using –. However, you can specify network such as 10.0.0.0/8 network or 70.6.2..5/29. For example:

  $HTTP["remoteip"] != "10.0.0.0/8" {
   url.access-deny = ( "" )
  }
}

$HTTP["url"] =~ "^/path/to/rss/" {
$HTTP["remoteip"] != "your-shared-server-ip" {
url.access-deny = ( "" )
}
}

Or just paste your current config (removing your actual domain and IP for security purpose) and exact requirements (output) you want. Then may be I can help you out.

Another possibility is – If you just need to give access to localhost lighttpd from Apache, configure iptables to drop all access.

Thanks for the information. I tried several variations without success.

I spoke with my hosting provider. He explained that the remote ips will be 127.0.0.1 because of the Apache 2 proxy.

Is there a way to use the Apache HTTP_X_FORWARDED_FOR in the conditional instead of remoteip?

The access seems to use that to record ips. This article talks about it a little. http://forum.lighttpd.net/topic/1372#3626

Thanks again for your help. I know this isn’t a standard question but there are probably a lot people in similiar Apache 2/Lighttpd setups.

Thanks,

Bryan

127.0.0.1 is local loopback IP address. This ip address is not routable so you cannot use this IP for restriction i.e. any traffic that a server program sends on the loopback network is addressed to the same server.

To solve your problem use IP address. For example

IF user agent is not foo and if it is not our server IP address do something or
deny access

$HTTP["useragent"] !~ "foo" {
$HTTP["remoteip" ] != "SERVER-IP" {
do-something
}
}


You can restrict RSS usage using URL match also.

I have two applications(Radiant & Mephisto) on the same shared server. I want to be able to restrict access to RSS feeds generated by Mephisto to the other application (Radiant).

I reasoned that this could be accomplished using either the servers IP address or localhost. When I tried 127.0.0.1, it did not restrict anyone.

Am I on the right track with my logic for this type of mod_access module? Alternatively, is it possible to restrict by domain?

Thanks,

Bryan