mod_authz_dynamic

This is yet another example of dynamic access control, this time via the Require directive.
You can view the source at http://www.humbedooh.com/mods/mod_authz_dynamic/

 

Directives:

Require fromfile match [match2] [match3] filepath:

Checks the file specified in filepath for any line matching the criteria and allows access if one is found.
Several matches can be specified, in which case mod_authz_dynamic looks for a line with all matches present, separated by spaces.

Currently, match can be any of the following:

Examples:

Suppose you wanted to restrict access to the IP 1.2.3.4:

Require fromfile REMOTE_ADDR /foo/bar/allowed_ips.txt
Require fromfile REMOTE_ADDR USER_AGENT /foo/bar/combined.txt

In the latter example, a line containing "1.2.3.4 Mozilla/5.0" in combined.txt would be a possible match for our user.
If you wanted to deny based on the IP, you can accomplish this by using the Require not syntax:

Require not fromfile REMOTE_ADDR /foo/bar/denied_ips.txt

Require fromdb match [match2] [match3] statement:

Runs the specified statement via the database accessible through mod_dbd and grants access if a match is found.
This directive works much like a printf statement, where each specified match correlates to a %s in the statement.

Example:

Require fromdb REMOTE_ADDR "SELECT `ip` FROM `ips` WHERE `ip` ='%s' AND `allowed` = '1'"


IP blocks:

If applicable, mod_authz_dynamic will check whether the lists contain IP blocks instead of just IPs. Generally, it will retry any failed match as if it were an IP block specification. Assuming an IP of 1.2.3.4 trying to access a site that has 1.2.3.0/24 defined in its allowed IPs, the module would first compare the two strings literally and, if they did not match, try to treat 1.2.3.0/24 as an IP block spec, in which case it would match.
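The two-step comparison described above, as an added example that is not taken from the module's source: the helper name entry_matches_ip is hypothetical, it handles IPv4 only, and it uses POSIX inet_pton rather than whatever the module itself calls. Malformed block specifications fail closed instead of being treated as a match.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not from mod_authz_dynamic: returns 1 if client_ip
 * matches entry, where entry is a literal IPv4 address or a CIDR block. */
int entry_matches_ip(const char *client_ip, const char *entry)
{
    char net[INET_ADDRSTRLEN];
    struct in_addr client, base;
    const char *slash;
    char *end;
    long bits;
    uint32_t mask;
    size_t len;

    /* Step 1: literal string comparison, as the page describes. */
    if (strcmp(client_ip, entry) == 0)
        return 1;

    /* Step 2: retry the failed match as an IP block specification. */
    slash = strchr(entry, '/');
    if (slash == NULL)
        return 0;
    len = (size_t)(slash - entry);
    if (len == 0 || len >= sizeof(net))
        return 0;
    memcpy(net, entry, len);
    net[len] = '\0';

    /* Reject a malformed prefix length ("/", "/33", "/24x", "/-1"). */
    if (slash[1] < '0' || slash[1] > '9')
        return 0;
    bits = strtol(slash + 1, &end, 10);
    if (*end != '\0' || bits > 32)
        return 0;

    /* Fail closed if either side is not a valid dotted-quad address. */
    if (inet_pton(AF_INET, client_ip, &client) != 1 ||
        inet_pton(AF_INET, net, &base) != 1)
        return 0;

    /* /0 is built separately: shifting a 32-bit value by 32 is undefined. */
    mask = (bits == 0) ? 0 : (uint32_t)(0xFFFFFFFFu << (32 - bits));
    return (ntohl(client.s_addr) & mask) == (ntohl(base.s_addr) & mask);
}
```

Because the fallback compares masked 32-bit values rather than string prefixes, an entry such as 1.2.3.40 does not match a client at 1.2.3.4.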



Contact: humbedooh [at] apache [dot] org or (+45) 4242 0983.
Please provide cookies or proof of said cookies if you wish to contact me.