Apache 2: SetEnvIf "IP Range"

Solution 1:

You may use CIDR formatting with Apache 2.4 which allows <If>:

<If "%{REMOTE_ADDR} -ipmatch">
    SetEnv banned = spammer-ip

Solution 2:

be aware that variables set through SetEnv are not visible on some operations (see matrix):


your solution is

SetEnvIfExpr "-R '' || -R '' || -R ''" rfc1918

see https://httpd.apache.org/docs/trunk/mod/mod_setenvif.html#SetEnvIfExpr

Solution 3:

What you've got (SetEnvIfNoCase Remote_Addr "^a.b.c." env_key=env_value) is the best you'll easily do. I've seen this configuration style implemented on a heavily loaded cluster of machines, without any noticeable performance degradation. I agree using regular expressions, when CIDR ranges are more appropriate is annoying. You could write a small program to automatically generate the config from a list of CIDR ranges.

If you're familiar with Perl, you could create a modperl handler, which would allow/deny requests in whichever way you choose. modperl allows your code to run at different points throughout a HTTP request - mod_perl 2.0 HTTP Request Cycle Phases. PerlAuthzHandler would be the appropriate handler to use.