0

I've gone through the questions and I couldn't find exactly what I was looking for.

Logically what the request is to only allow certain IPs access to a certain page. All other IPs should be forwarded to a generic 404 rule (Rather than get a security error which just makes some people WANT to get in)

the rule looks like: 

RewriteCond %{REQUEST_URI} ^/Folder/Site/index.hml
RewriteCond  %{REMOTE_HOST} !^IP1
RewriteCond  %{REMOTE_HOST} !^IP2
RewriteCond  %{REMOTE_HOST} !^IP3
RewriteRule $ /Generic404.html [PT,L]

So the previous tech used the above, and I'm VERY new to apache coming from an IIS world its actually very customizable and I'm slowly learning and full-filling my junior role. (From my limited understanding the above will pass every IP EXCEPT IP1,IP2,IP3 to the Generic404.hml page, while IP1,IP2,IP3 will not receive a re-write so they will be able to access the page)

But I'm wondering can the [OR] be used above? Something like:

RewriteCond %{REQUEST_URI} ^/URL
RewriteCond  %{REMOTE_HOST} !^IP-1 [OR]
RewriteCond  %{REMOTE_HOST} !^IP-2 [OR]
RewriteCond  %{REMOTE_HOST} !^IP-3
RewriteRule $ /Generic404.html [PT,L]

I'm curious only because his explanation on why I couldn't use [OR] made no sense to me at all...I'm hoping someone could actually explain it in a way that makes sense to me.

TKL32
  • 21
  • 1
  • 3

1 Answers1

0

The default operator for rewrite conditions is a logical AND. If you replace it with a logical OR you get a different result.

First rule will show a 404 when you don't come from IP1-IP3 because all rewrite conditions have to be fullfilled before the 404 will be shown.

Second rule will always show a 404 if IP1 is not the same value as IP2 and IP3. Because a single condition returning true is enough for the whole rule to be applied. And if IP1 to IP3 have different values at least two of the condition checks will return a true.

Malte Köhrer
  • 1,577
  • 10
  • 19