mod_gatekeeper

This is an example of how you can create dynamic access restrictions within Apache HTTPd itself.
You can view the source at http://www.humbedooh.com/mods/gatekeeper/

Directives:

GKEngine [on|off]:

Turns the access restriction checks on or off.

GKMerge [on|off]:

Enables (default) or disables merging of access restrictions with higher level directories and locations.

GKAllow <match> <tech> <list>:

Allows access if <match> matches the criteria set up in <list>. <match> Can be one of the following (or several separated by a comma):

• REMOTE_ADDR: The remote address (IP) of the client connecting
• USER_AGENT: The browser model used (fx. Mozilla/5.0)
• REMOTE_USER: The remote username if basic HTTPD auth is in place

If <tech> is set to file, then mod_gatekeeper will look in the file specified by <list>, matching one single line to <match> if possible.

If <tech> is set to mod_dbd, then mod_gatekeeper will execute the statement specified by <list>.

GKDeny <match> <tech> <list>:

Same as GKAllow, only it denies based on matches.

GKRequire <match> <tech> <list>:

Same as GKAllow, but will fail the entire chain if not matched, whereas GKAllow will only fail if none of the GKAllow directives match.

Examples:

<Location /foo>
    GKEngine On
    GKAllow REMOTE_ADDR file /fo/bar/allowed_ips.txt
    GKDENY USER_AGENT file /foo/bar/bad_agents.txt
</Location>

<Location /foo/bar>
    #Prevent restrictions in /foo to take effect here.
    GKMerge off
    GKRequire REMOTE_ADDR mod_dbd "SELECT `ip` FROM `list` WHERE `ip` = '%s'"
</Location>

Contact: humbedooh [at] apache [dot] org or (+45) 4242 0983.
Please provide cookies or proof of said cookies if you wish to contact me.