
I have a question about IPv6 addresses that reach a website.
The Apache logs show clients' X-Forwarded-For IPs as both IPv4 and IPv6.

This website is protected by .htaccess via an IPv4 whitelist for each allowed subnet.

Example:

RewriteCond %{HTTP:X-FORWARDED-FOR}  !^123.45.67
RewriteCond %{HTTP:X-FORWARDED-FOR}  !^123.45.68
RewriteCond %{HTTP:X-FORWARDED-FOR}  !^123.45.69

How can I do the same for an IPv6 prefix, since the following does not seem to work?

RewriteCond %{HTTP:X-FORWARDED-FOR}  !^[1234:123:123::/48]

If I specify the IPv6 client IP in the RewriteCond, it works, but only for a period of time until his IPv6 address gets renewed.

2 Answers


  1. Chosen as BEST ANSWER

    It didn't work.

    Couldn't I achieve it by using the following regex, applying the same principle as the IPv4 conditions listed above, where a substring of the value of the X-Forwarded-For is represented?

    RewriteCond %{HTTP:X-FORWARDED-FOR}  !^1234:123:123
    

  2. Could you try:

    RewriteCond expr "! %{HTTP:X-FORWARDED-FOR} -ipmatch '1234:123:123::/48'"
    

    It implies Apache >= 2.4; native RewriteCond (meaning without the use of an expression) does not handle IP range/CIDR notation.

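An added example, not part of the thread and not code from either poster: a Python sketch that compares the textual-prefix test used in the `RewriteCond` lines with a CIDR membership test, run over constructed header values. It assumes each IPv4 prefix stands for a /24 and that the header carries a single address; the function names are hypothetical.

```python
import ipaddress
import re

# Textual prefixes as written in the thread's RewriteCond lines.
TEXT_PREFIXES = [r"^123.45.67", r"^123.45.68", r"^123.45.69", r"^1234:123:123"]

# Assumption: each IPv4 prefix stands for a /24; the /48 is the one from the question.
NETWORKS = [ipaddress.ip_network(n) for n in (
    "123.45.67.0/24", "123.45.68.0/24", "123.45.69.0/24", "1234:123:123::/48")]


def allowed_by_text(header: str) -> bool:
    """Regex prefix test on the raw header string, like a plain RewriteCond pattern."""
    return any(re.search(p, header) for p in TEXT_PREFIXES)


def allowed_by_cidr(header: str) -> bool:
    """Parse the header as one address and test network membership."""
    try:
        addr = ipaddress.ip_address(header.strip())
    except ValueError:
        return False  # not a single valid address: treat as not allowed
    return any(addr in net for net in NETWORKS)


# Constructed header values, not taken from real logs.
SAMPLES = [
    "123.45.67.10",        # inside an allowed IPv4 /24
    "1234:123:123:9::5",   # inside the /48
    "1234:0123:0123::5",   # same /48, written with leading zeros
    "1234:123:1234::5",    # third group is 1234, outside the /48
]


def compare(samples=SAMPLES):
    """Return {header: (text_result, cidr_result)} for each sample."""
    return {s: (allowed_by_text(s), allowed_by_cidr(s)) for s in samples}


if __name__ == "__main__":
    for value, (text_ok, cidr_ok) in compare().items():
        print(f"{value:22} text={text_ok!s:5} cidr={cidr_ok}")
```

The last two samples are where the tests disagree: the same /48 written with leading zeros fails the textual test, and an address whose third group only begins with 123 passes it.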