
I understand the principle of including external files into the httpd.conf using the Include directive, but I just want to double-check that I've understood how it works.

On our server, we already include a bunch of configuration files using something like

```
Include /etc/httpd/conf.d/*.conf
```

Now I also have a bunch of IP addresses that I know I'm going to need to specify more than once (for restricted access).

At the moment I have:

```
<Directory "/var/www/html/foo">
    Order deny,allow
    Deny from all
    # IP block 1
    Allow from 1.1.1.1
    Allow from 1.2.3.4
    # IP block 2
    Allow from 2.3.4.5
    Allow from 7.8.9.10
</Directory>
```

etc

Can I put all those Allow statements into an external file so that it reads something like:

```
<Directory "/var/www/html/foo">
    Order deny,allow
    Deny from all
    Include /path/to/iplist.conf
</Directory>

<Directory "/var/www/html/bar">
    Order deny,allow
    Deny from all
    Include /path/to/iplist.conf
    # Some extra addresses for this directory
    Allow from 11.12.13.14
    Allow from 20.21.22.23
</Directory>
```

where iplist.conf just contains

```
# IP block 1
Allow from 1.1.1.1
Allow from 1.2.3.4
# IP block 2
Allow from 2.3.4.5
Allow from 7.8.9.10
```

Does that make sense? There isn't any reason that the Include directive should barf over something like this, is there?

Owen Blacker

1 Answer


Yes, the Include directive works exactly as you think and there's no problem using it to allow certain IP addresses or networks.

Just make sure that your file is NOT in the /etc/httpd/conf.d directory, or it will get included by default in the main httpd.conf file and that may lead to odd results. On a side note, if you use wildcards to include your files, keep in mind that they will be loaded in alphabetical order.

Vladimir Blaskov
  • I've put the file in question in `/etc/httpd/conf/`, rather than `/etc/httpd/conf.d`, but it's named `allowed_IPs.txt`, so wouldn't have been hit by our wildcard include (which looks for `/etc/httpd/conf.d/*.conf`). Thank you, this is working precisely as expected. – Owen Blacker Jan 30 '12 at 13:57
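
A pre-deployment check for the two points raised in this thread, as an added example (not code from the question or the answer): it reports whether a shared allowlist file would also be picked up by a wildcard `Include` in the main config, and flags any line in the file that is not a comment or an `Allow from` with a literal IP or CIDR. It assumes absolute `Include` paths with the wildcard in the file-name part only; the function names and sample strings are constructed, and the lint is deliberately stricter than Apache, which also accepts hostnames, partial addresses and `all`.

```python
import fnmatch
import ipaddress
import posixpath
import re

INCLUDE_RE = re.compile(r'^\s*Include(?:Optional)?\s+"?([^"\s]+)"?\s*$', re.I)
ALLOW_RE = re.compile(r'^\s*Allow\s+from\s+(.+?)\s*$', re.I)

def swept_up_by(snippet_path, main_conf_text):
    """Return wildcard Include patterns in the main config that also match snippet_path."""
    hits = []
    for line in main_conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if not m or not any(c in m.group(1) for c in "*?["):
            continue
        pattern = m.group(1)
        # Wildcard in the file-name part only: directory must be equal, name must match.
        same_dir = posixpath.dirname(pattern) == posixpath.dirname(snippet_path)
        if same_dir and fnmatch.fnmatchcase(posixpath.basename(snippet_path),
                                            posixpath.basename(pattern)):
            hits.append(pattern)
    return hits

def bad_allow_lines(snippet_text):
    """Return (line_no, text) for lines that are not comments or 'Allow from <IP/CIDR>'."""
    bad = []
    for no, line in enumerate(snippet_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = ALLOW_RE.match(line)
        try:
            if not m:
                raise ValueError("not an Allow directive")
            for token in m.group(1).split():
                ipaddress.ip_network(token, strict=False)
        except ValueError:
            bad.append((no, line.strip()))
    return bad

# Constructed sample input mirroring the question.
MAIN_CONF = "ServerRoot /etc/httpd\nInclude /etc/httpd/conf.d/*.conf\n"
IPLIST = "# IP block 1\nAllow from 1.1.1.1\nAllow from 1.2.3.4\nAllow from all\n"

if __name__ == "__main__":
    for path in ("/etc/httpd/conf.d/iplist.conf", "/etc/httpd/conf/allowed_IPs.txt"):
        print(path, "->", swept_up_by(path, MAIN_CONF) or "not auto-included")
    print(bad_allow_lines(IPLIST))
```

Running `httpd -t` afterwards still checks the syntax of the assembled configuration; this script only covers the include overlap and the contents of the shared file.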