i’m having a question related to ipv6 address that reach a website.
The apache logs, shows clients x-forward ips under ipv4 and ipv6
This website is protected under .htaccess via a ipv4 whitelist for each allowed subnet.
Example :
RewriteCond %{HTTP:X-FORWARDED-FOR} !^123.45.67
RewriteCond %{HTTP:X-FORWARDED-FOR} !^123.45.68
RewriteCond %{HTTP:X-FORWARDED-FOR} !^123.45.69
How can i do the same for a ipv6 prefix , since the following does not seems to work
RewriteCond %{HTTP:X-FORWARDED-FOR} !^[1234:123:123::/48]
If i specify the ipv6 client ip in the rewritecond it works. But only for a period of time until his ipv6 address gets renewed.
2
Answers
It didn't work.
Couldn't i achieve it by using the following regex by applying the same principle as the ipv4 conditions listed above where a substring of the value of the X-Forwarded-for is represented ?
Could you try:
It implies Apache >= 2.4, native (meaning without the use of an expression)
RewriteCond
does not handle IP range/CIDR notation.