This is an example of how you can create dynamic access restrictions within Apache HTTPd itself.
You can view the source at



GKEngine [on|off]:

Turns the access restriction checks on or off.

GKMerge [on|off]:

Enables (default) or disables merging of access restrictions with higher level directories and locations.

GKAllow <match> <tech> <list>:

Allows access if <match> matches the criteria set up in <list>. <match> Can be one of the following (or several separated by a comma):

If <tech> is set to file, then mod_gatekeeper will look in the file specified by <list>, matching one single line to <match> if possible.

If <tech> is set to mod_dbd, then mod_gatekeeper will execute the statement specified by <list>.

GKDeny <match> <tech> <list>:

Same as GKAllow, only it denies based on matches.

GKRequire <match> <tech> <list>:

Same as GKAllow, but will fail the entire chain if not matched, whereas GKAllow will only fail if none of the GKAllow directives match.



<Location /foo>
    GKEngine On
    GKAllow REMOTE_ADDR file /fo/bar/allowed_ips.txt
    GKDENY USER_AGENT file /foo/bar/bad_agents.txt

<Location /foo/bar>
    #Prevent restrictions in /foo to take effect here.
    GKMerge off
    GKRequire REMOTE_ADDR mod_dbd "SELECT `ip` FROM `list` WHERE `ip` = '%s'"


Contact: humbedooh [at] apache [dot] org or (+45) 4242 0983.
Please provide cookies or proof of said cookies if you wish to contact me.