Allow access in htaccess based on the HTTP:X-FORWARDED-FOR

Question

Hi i should only allow the particular ip address(which is HTTP:X-FORWARDED-FOR adresses) to access the files. I have done it by the following

Options +FollowSymLinks
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP:X-FORWARDED-FOR} !^xxx.xxx.x.xx$
RewriteRule ^$ http://xxx.xxx.x.xx/access_denie.php [R=301,L]

Now i have to allow it for multiple ip for example yyy.yy.y.yy. How can i do it by using htaccess

Answer 1

The ^xxx.xxx.x.xx$ portion of your RewriteCond is simply a regular expression. You can easily use groups to add more IP addresses:

^(xxx\.xxx\.x\.xx|yyy\.yy\.y\.yy)$

You will notice I have escaped all the . s with a backslash - this is because . has a special meaning in a regular expression, and it needs to be escaped if you want it to match only a literal . character.

So your new RewriteCond will look like this:

RewriteCond %{HTTP:X-FORWARDED-FOR} !^(xxx\.xxx\.x\.xx|yyy\.yy\.y\.yy)$

You can easily add more IP addresses, simply separate them with | characters.

Please note, however, that this approach does not give you any real security. It would be easy to spoof a request to get past this. If you need security you should use SSL and a proper authentication system instead.