I am trying to use the RewriteMap directive in Apache to "white list" (allow only) a mix of certain ranges of IPs and specific IPs. What makes this tricky for me is that the whitelist will contain a mix of large ranges of IPs such as 131.132.* (or in CIDR notation it would be 131.132.0.0/16) plus specific IPs also in the same list. My understanding is that you cannot use CIDR notation in mod_rewrite because RewriteConds just do simple text-string/character comparisons (is this correct?).

So far, this is what I have come up with for my RewriteMap directive, but I am not sure it will work. Do you think the following will work to whitelist the range of IPs in 131.132.*.* (131.132.0.0/16, i.e. start range 131.132.0.0 to end range 131.132.255.255) and the range 121.122.123.* (i.e. start range 121.122.123.0 to end range 121.122.123.255) and the specific IP 111.112.113.114, and will it block all other IPs?

Also, will the back references (%1, %2, %3, %4) in the last three RewriteCond lines (note the RewriteCond lines are "OR'ed") work properly, referring back to the first RewriteCond line for all references?
####
#### in whitelist.txt file
####
111.112.113.114 allow
121.122.123.* allow
131.132.*.* allow
Code:
RewriteMap ipslist txt:"/path/to/whitelist.txt"
RewriteCond %{REMOTE_ADDR} ^(\d+)\.(\d+)\.(\d+)\.(\d+)$
RewriteCond ${ipslist:%1.%2.%3.%4|block} ^block$ [OR]
RewriteCond ${ipslist:%1.%2.%3.*|block} ^block$ [OR]
RewriteCond ${ipslist:%1.%2.*.*|block} ^block$
RewriteRule (.*) - [F]
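An added example, not part of the original post: a Python model of the three `${ipslist:...|block}` lookups in the rules above, comparing the chain as posted with a fail-closed combination that forbids unless one of the three keys maps to `allow`. It assumes mod_rewrite's documented behaviour that an [OR] group succeeds as soon as one of its conditions matches; the function names and the sample addresses are hypothetical.

```python
import re

# Constructed copy of the whitelist.txt shown in the post.
WHITELIST_TXT = """\
111.112.113.114 allow
121.122.123.* allow
131.132.*.* allow
"""

IPV4 = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def load_map(text):
    """Parse a txt: map: 'key value' per line, lines starting with # skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not line.startswith("#"):
            table.setdefault(fields[0], fields[1])
    return table


def lookups(ip, table):
    """Results of the three map lookups, or None if the first RewriteCond fails."""
    m = IPV4.match(ip)
    if not m:
        return None
    a, b, c, d = m.groups()
    keys = (f"{a}.{b}.{c}.{d}", f"{a}.{b}.{c}.*", f"{a}.{b}.*.*")
    return [table.get(k, "block") for k in keys]  # |block is the map default


def posted_rule_forbids(ip, table):
    """Chain as posted: cond1 AND (lookup1==block OR lookup2==block OR lookup3==block)."""
    r = lookups(ip, table)
    return r is not None and any(v == "block" for v in r)


def allowlist_forbids(ip, table):
    """Fail closed: forbid unless at least one of the three keys maps to 'allow'."""
    r = lookups(ip, table)
    return r is None or "allow" not in r


if __name__ == "__main__":
    table = load_map(WHITELIST_TXT)
    for ip in ("111.112.113.114", "121.122.123.9", "131.132.7.8",
               "10.0.0.1", "2001:db8::1"):
        print(ip, posted_rule_forbids(ip, table), allowlist_forbids(ip, table))
```

In this model the posted chain forbids every IPv4 client, including the three whitelisted entries, because each address misses at least one of the three keys. A REMOTE_ADDR that is not dotted IPv4 never matches the first condition, so the posted rule does not forbid it.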