.htaccess - allow IP addresses- how to?

[dadpups]

Here is the .htaccess file

AuthUserFile /home/xxxxxx/.htpasswd
AuthGroupFile /dev/null
AuthName "Journal of Environmental Hydrology"
AuthType Basic

<limit GET>
satisfy any
order deny,allow
deny from all
allow from 63.76.22.2
allow from 130.116.16.
allow from 130.116.17.
allow from 130.116.18.
allow from 130.116.19.
allow from 144.110.16.
allow from 144.110.17.
allow from 144.110.18.
allow from 144.110.19.
allow from 140.253.201.
allow from 152.83.56.
allow from 152.83.57.
allow from 152.83.58.
allow from 152.83.59.
allow from 152.83.176.
allow from 152.83.177.
allow from 152.83.178.
allow from 152.83.179.
allow from 144.110.36.
require valid-user
</limit>

All .htpasswd can get access.

BUT, HERE IS THE PROBLEM....

Some of the IPs can get access, some say they can't.

Any real smart Apache gurus out there that can suggest why this might be happening?

And its not my host, so please don't ask me to ask my host.

Thanks,

Dadpups

 

[siberian]

Are you sure this is not a case of 'user error'? Is it reproducible?

To test I would ask someone to try from a 'bad IP' and watch the apache logs (access and error). This will show the denial and show the IP they are coming from.

Based on this you/we can debug more.

 

[Newposter]

&quot;Some of the IPs can get access, some say they can't.&quot;

Are you sure that some of these are not dynamic IPs? If your clients have dialup, they may not get in because their IP changed since you wrote the .htaccess file. Have them check their IP immediately before trying to get in, and I'll bet only the ones with static IPs can get in consistently.

Newposter
&quot;Good judgment comes from experience. Experience comes from bad judgment.&quot;

 

[flyingwolf23]

^^^^ exactly^^^^^

One thing you could do to prevent that is allow from a certain subnet of addresses like

allow from 144.110.36.0
allow from 144.110.36.1
allow from 144.110.36.2
allow from 144.110.36.3
allow from 144.110.36.....
allow from 144.110.36.255

that would allow all people from 144.110.36.what ever to enter the domain. However depending on thier isp,they may own many subnets and that would cause even more problems. Please let us know wht you find out so we may help you more.

Semper Fi

http://www.jnatek.kicks-ass.net

http://www.awh.kicks-ass.net

http://www.baby-james.kicks-ass.net

My new Baby BOY!!

 

[dadpups]

Thanks you all for the help so far!

The IPs are static, they belong to a bunch of Aussie research libraries, and were provided to me as static IPs.

Under what conditions could a &quot;static IP&quot;, say 100.100.100.1 be seen by my host as something else like 100.100.100.2?

Dadpups (PI, '64)

 

[ianicr]

If they are using a proxy or NAT then it will show up as there gateway IP Address rather than client ip's. eg If my internal address is 10.10.10.120 and my gateway is 100.100.100.2 then Apache will see 100.100.100.2.

 

[flugh]

One thing you could do to prevent that is allow from a certain subnet of addresses like

allow from 144.110.36.0
allow from 144.110.36.1
allow from 144.110.36.2
allow from 144.110.36.3
allow from 144.110.36.....
allow from 144.110.36.255

Should be able to shorten it up a bit:

Allow from 144.110.36.0/24

(or 255.255.255.0 and more if you want to specify only a few ip addresses).

----
JBR

 

[siberian]

Once again, what is in your access logs? This is the IP they are coming from, regardless of what they gave you.