Apache重写子网IP范围 [英] Apache rewrite subnet ip range
问题描述
有人可以告诉我如何将以下IP范围(属于Cloudfront)放入mod_rewrite吗? 我希望将example.com的非www请求重定向到www.example.com,但不重定向来自以下IP范围的任何IP地址:
Can someone please tell me how to put the following IP ranges (belongs to Cloudfront) in a mod_rewrite? I am looking to redirect the non-www requests for example.com to www.example.com BUT not redirect any IP address coming from IP Ranges below:
54.192.0.0/16
54.230.0.0/16
54.239.128.0/18
54.239.192.0/19
54.240.128.0/18
204.246.164.0/22
204.246.168.0/22
204.246.174.0/23
204.246.176.0/20
205.251.192.0/19
205.251.249.0/24
205.251.250.0/23
205.251.252.0/23
205.251.254.0/24
216.137.32.0/19
我使用了一个名为 rgxg 的工具,将上述所有内容从CIDR转换为Regex,并在httpd.conf中创建了以下条目:
I used a tool called rgxg to convert all of the above from CIDR to Regex and created the following entries in my httpd.conf:
RewriteCond %{HTTP_HOST} ^example\.com$ [NC,OR]
RewriteCond %{HTTP:X-FORWARDED-FOR} !54\.192(\.(25[0-5]|2[0-4][0-9]||1[0-9]{2}|[1-9]?[0-9])){2}
RewriteRule ^/(.*)?$ http://www.example.com/$1 [R=301,NC,NE,L]
我在RewriteCond条目中添加了所有ip范围,但是由于我不想使这篇文章混乱,所以仅包括第一个ip范围.该规则似乎不起作用.如果我只输入一个IP地址,它就可以正常工作.
I have added all the ip ranges in my RewriteCond entries but included only the first one as I didn't want to clutter this post. The rule don't appear to work. If I put just a single IP address, it works without a problem.
有人可以检查一下我在做什么吗?
Can someone please check and see what I'm doing wrong?
谢谢! -马
推荐答案
让我们看一下第一个范围:
Let's look at the first range:
54.192.0.0/16
在正则表达式中
54\.192(\.(25[0-5]|2[0-4][0-9]||1[0-9]{2}|[1-9]?[0-9])){2}
请注意双精度||
.考虑到调试的难度,即使有一个错误,我也不会觉得丢掉整个东西.
Notice the double ||
. Given how hard it is to debug, if there is even one mistake, I don't feel bad throwing the whole thing away.
以下内容不是exact
,因为它可以匹配直到999
的片段,但是重要的是,它捕获了范围内的所有IP,并且没有其他有效IP.是的.
The following is not quite exact
because it would match fragments up to 999
, but all that matters is that it catches all IPs in the range, and no other valid IPs. It does.
54\.192\.[0-9]{1,3}\.[0-9]{1,3}
而且很容易阅读.我建议改用它.尝试一下,如果可行,其他的也可以重新访问.
And it's easy to read. I would recommend using that instead. Try it, and if that works, the other ones can also be revisited.
我不确定您如何获得IP,但是根据具体情况,这是另一种选择:
I am not sure how you receive the IP, but depending on context this is another option:
RewriteCond %{REMOTE_ADDR} !^54\.192\.[0-9]{1,3}\.[0-9]{1,3}$
让我们看一下一些潜在范围:
Let's look at some potential ranges:
54.192.0.0/16 => ^54\.192\.[0-9]{1,3}\.[0-9]{1,3}$
54.230.0.0/16 => ^54\.230\.[0-9]{1,3}\.[0-9]{1,3}$
54.239.128.0/18 => ^54\.239\.(?:19[01]|1[3-8][0-9]|12[89])\.[0-9]{1,3}$
54.239.192.0/19 => ^54\.239\.(?:22[0-3]|2[01][0-9]|19[2-9])\.[0-9]{1,3}$
54.240.128.0/18 => ^54\.240\.(?:19[01]|1[3-8][0-9]|12[89])\.[0-9]{1,3}$
204.246.164.0/22 => ^204\.246\.16[4-7]\.[0-9]{1,3}$
204.246.168.0/22 => ^204\.246\.(?:17[01]|16[89])\.[0-9]{1,3}$
204.246.174.0/23 => ^204\.246\.17[45]\.[0-9]{1,3}$
204.246.176.0/20 => ^204\.246\.(?:19[01]|18[0-9]|17[6-9])\.[0-9]{1,3}$
205.251.192.0/19 => ^205\.251\.(?:22[0-3]|2[01][0-9]|19[2-9])\.[0-9]{1,3}$
205.251.249.0/24 => ^205\.251\.249\.[0-9]{1,3}$
205.251.250.0/23 => ^205\.251\.25[01]\.[0-9]{1,3}$
205.251.252.0/23 => ^205\.251\.25[23]\.[0-9]{1,3}$
205.251.254.0/24 => ^205\.251\.254\.[0-9]{1,3}$
216.137.32.0/19 => ^216\.137\.(?:6[0-3]|[45][0-9]|3[2-9])\.[0-9]{1,3}$
这篇关于Apache重写子网IP范围的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!