Apache重写子网IP范围 [英] Apache rewrite subnet ip range

问题描述

有人可以告诉我如何将以下IP范围(属于Cloudfront)放入mod_rewrite吗? 我希望将example.com的非www请求重定向到www.example.com，但不重定向来自以下IP范围的任何IP地址:

Can someone please tell me how to put the following IP ranges (belongs to Cloudfront) in a mod_rewrite? I am looking to redirect the non-www requests for example.com to www.example.com BUT not redirect any IP address coming from IP Ranges below:

54.192.0.0/16
54.230.0.0/16
54.239.128.0/18
54.239.192.0/19
54.240.128.0/18
204.246.164.0/22
204.246.168.0/22
204.246.174.0/23 
204.246.176.0/20 
205.251.192.0/19 
205.251.249.0/24 
205.251.250.0/23 
205.251.252.0/23 
205.251.254.0/24 
216.137.32.0/19 

我使用了一个名为 rgxg 的工具，将上述所有内容从CIDR转换为Regex，并在httpd.conf中创建了以下条目:

I used a tool called rgxg to convert all of the above from CIDR to Regex and created the following entries in my httpd.conf:

    RewriteCond %{HTTP_HOST} ^example\.com$ [NC,OR]

    RewriteCond %{HTTP:X-FORWARDED-FOR} !54\.192(\.(25[0-5]|2[0-4][0-9]||1[0-9]{2}|[1-9]?[0-9])){2} 

    RewriteRule ^/(.*)?$ http://www.example.com/$1 [R=301,NC,NE,L]

我在RewriteCond条目中添加了所有ip范围，但是由于我不想使这篇文章混乱，所以仅包括第一个ip范围.该规则似乎不起作用.如果我只输入一个IP地址，它就可以正常工作.

I have added all the ip ranges in my RewriteCond entries but included only the first one as I didn't want to clutter this post. The rule don't appear to work. If I put just a single IP address, it works without a problem.

有人可以检查一下我在做什么吗?

Can someone please check and see what I'm doing wrong?

谢谢！ -马

推荐答案

让我们看一下第一个范围:

Let's look at the first range:

54.192.0.0/16

在正则表达式中

54\.192(\.(25[0-5]|2[0-4][0-9]||1[0-9]{2}|[1-9]?[0-9])){2} 

请注意双精度||.考虑到调试的难度，即使有一个错误，我也不会觉得丢掉整个东西.

Notice the double ||. Given how hard it is to debug, if there is even one mistake, I don't feel bad throwing the whole thing away.

以下内容不是exact，因为它可以匹配直到999的片段，但是重要的是，它捕获了范围内的所有IP，并且没有其他有效IP.是的.

The following is not quite exact because it would match fragments up to 999, but all that matters is that it catches all IPs in the range, and no other valid IPs. It does.

54\.192\.[0-9]{1,3}\.[0-9]{1,3}

而且很容易阅读.我建议改用它.尝试一下，如果可行，其他的也可以重新访问.

And it's easy to read. I would recommend using that instead. Try it, and if that works, the other ones can also be revisited.

我不确定您如何获得IP，但是根据具体情况，这是另一种选择:

I am not sure how you receive the IP, but depending on context this is another option:

RewriteCond %{REMOTE_ADDR} !^54\.192\.[0-9]{1,3}\.[0-9]{1,3}$

让我们看一下一些潜在范围:

Let's look at some potential ranges:

54.192.0.0/16 => ^54\.192\.[0-9]{1,3}\.[0-9]{1,3}$
54.230.0.0/16 => ^54\.230\.[0-9]{1,3}\.[0-9]{1,3}$
54.239.128.0/18 => ^54\.239\.(?:19[01]|1[3-8][0-9]|12[89])\.[0-9]{1,3}$
54.239.192.0/19 => ^54\.239\.(?:22[0-3]|2[01][0-9]|19[2-9])\.[0-9]{1,3}$
54.240.128.0/18 => ^54\.240\.(?:19[01]|1[3-8][0-9]|12[89])\.[0-9]{1,3}$
204.246.164.0/22 => ^204\.246\.16[4-7]\.[0-9]{1,3}$
204.246.168.0/22 => ^204\.246\.(?:17[01]|16[89])\.[0-9]{1,3}$
204.246.174.0/23  => ^204\.246\.17[45]\.[0-9]{1,3}$
204.246.176.0/20 => ^204\.246\.(?:19[01]|18[0-9]|17[6-9])\.[0-9]{1,3}$
205.251.192.0/19 => ^205\.251\.(?:22[0-3]|2[01][0-9]|19[2-9])\.[0-9]{1,3}$
205.251.249.0/24 => ^205\.251\.249\.[0-9]{1,3}$
205.251.250.0/23 => ^205\.251\.25[01]\.[0-9]{1,3}$
205.251.252.0/23 => ^205\.251\.25[23]\.[0-9]{1,3}$
205.251.254.0/24 =>  ^205\.251\.254\.[0-9]{1,3}$
216.137.32.0/19 => ^216\.137\.(?:6[0-3]|[45][0-9]|3[2-9])\.[0-9]{1,3}$

这篇关于Apache重写子网IP范围的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！