This is yet another example of dynamic access control, this time via the
You can view the source at http://www.humbedooh.com/mods/mod_authz_dynamic/
Checks the filename specified in
filepath for any lines matching the criteria and allows access if matched.
Several matches can be specified, making mod_authz_dynamic look for a line with all matches present, separated by spaces.
match can be any of the following:
REMOTE_ADDR: The remote address (IP) of the client
REMOTE_USER: The username of the client if authenticating through Basic HTTP auth
REMOTE_PASS: The corresponding password to said username
USER_AGENT: The client browser model (fx.
Suppose you wanted to restrict access to the IP
Require fromfile REMOTE_ADDR /foo/bar/allowed_ips.txt
Require fromfile REMOTE_ADDR USER_AGENT /foo/bar/combined.txt
In the latter example, a line containing
"126.96.36.199 Mozilla/5.0" in combined.txt would be a possible match for our user.
If you wanted to deny based on the IP, you can accomplish this by using the
Require not syntax:
Require not fromfile REMOTE_ADDR /foo/bar/denied_ips.txt
Runs the specified statement via the database accessible through mod_dbd and grants access if a match is found.
This directive works much like a printf statement, where each specified match correlates to a %s in the statement.
Require fromdb REMOTE_ADDR "SELECT `ip` FROM `ips` WHERE `ip` ='%s' AND `allowed` = '1'"
If applicable, mod_authnz_dynamic will check if the lists contain IP blocks instead of just IPs. Generally, it will retry any failed match as if it was an IP block specification. Assuming an IP of
188.8.131.52 trying to access a site which had
184.108.40.206/24 defined in its allowed IPs, the module would first compare the two strings literally, and if not matched, try to treat
220.127.116.11/24 as an IP block spec, in which case it would match.
Contact: humbedooh [at] apache [dot] org or (+45) 4242 0983.
Please provide cookies or proof of said cookies if you wish to contact me.