How can I restrict access to IP _and_ User Agent?

I want apache to grant access to clients having the right IP _and_ the
right User Agent only. Both conditions must be fulfilled.

Actually I have:

SetEnvIf User-Agent Firefox let_me_in
Order deny,allow
Deny from all
Allow from $herecomesmyip$
Allow from env=let_me_in

But actually apache is granting access to "Firefox" OR $herecomesmyip
$. I need an AND.

Thanks,
Christian.

On Tue, 13 Mar 2007 16:45:59 -0700, Christian Drewing wrote:

>
> I want apache to grant access to clients having the right IP _and_ the
> right User Agent only. Both conditions must be fulfilled.
>
> Actually I have:
>
> SetEnvIf User-Agent Firefox let_me_in
> Order deny,allow
> Deny from all
> Allow from $herecomesmyip$
> Allow from env=let_me_in
>
> But actually apache is granting access to "Firefox" OR $herecomesmyip
> $. I need an AND.
>
> Thanks,
> Christian.
Try this:
Order allow,deny
Allow from all
Deny from $herecomesmyip$ !
Deny from env=let_me_in !
Someone in the newsgroup mentioned this way to NOT an condition.
It stops NOT "Firefox" OR it stops NOT $herecomesmyip, leaving only those
who satisfy both conditions to proceed. I think I just gave DeMorgan's Law.

Duane

Christian Drewing wrote:
> I want apache to grant access to clients having the right IP _and_ the
> right User Agent only. Both conditions must be fulfilled.
>
> Actually I have:
>
> SetEnvIf User-Agent Firefox let_me_in
> Order deny,allow
> Deny from all
> Allow from $herecomesmyip$
> Allow from env=let_me_in
>
> But actually apache is granting access to "Firefox" OR $herecomesmyip
> $. I need an AND.
>
> Thanks,
> Christian.
>

Read up on the "satisfy" directive. You want a "Satisfy all" to require
all conditions to be fulfilled.

Jim

On Mar 14, 1:56 am, Duane Evenson <d...@invalid.address> wrote:
> On Tue, 13 Mar 2007 16:45:59 -0700, Christian Drewing wrote:
>
> > I want apache to grant access to clients having the right IP _and_ the
> > right User Agent only. Both conditions must be fulfilled.
>
> > Actually I have:
>
> > SetEnvIf User-Agent Firefox let_me_in
> > Order deny,allow
> > Deny from all
> > Allow from $herecomesmyip$
> > Allow from env=let_me_in
>
> > But actually apache is granting access to "Firefox" OR $herecomesmyip
> > $. I need an AND.
>
> > Thanks,
> > Christian.
>
> Try this:
> Order allow,deny
> Allow from all
> Deny from $herecomesmyip$ !
> Deny from env=let_me_in !
> Someone in the newsgroup mentioned this way to NOT an condition.
> It stops NOT "Firefox" OR it stops NOT $herecomesmyip, leaving only those
> who satisfy both conditions to proceed. I think I just gave DeMorgan's Law.

I am not such an expert in apache, but this looks as if everything
except let_me_in OR $herecomesmyip$ will be granted. I need a general
deny with an allow of IP & let_me_in.

On Mar 14, 4:34 am, Jim Hayter <see.reply...@nowhere.invalid> wrote:

> Read up on the "satisfy" directive. You want a "Satisfy all" to require
> all conditions to be fulfilled.

Ah. Read. I think I got it:

SetEnvIf User-Agent Firefox let_me_in
Order deny,allow
Deny from all
Allow from 191.236.178
Allow from env=let_me_in
Satisfy All

This will deny all access and allow only clients that have "Firefox"
in the UA *and* whose originating IP is from 191.236.178.nnn, right?

Christian.

Christian Drewing wrote:
> On Mar 14, 4:34 am, Jim Hayter <see.reply...@nowhere.invalid> wrote:
>
>> Read up on the "satisfy" directive. You want a "Satisfy all" to require
>> all conditions to be fulfilled.
>
> Ah. Read. I think I got it:
>
> SetEnvIf User-Agent Firefox let_me_in
> Order deny,allow
> Deny from all
> Allow from 191.236.178
> Allow from env=let_me_in
> Satisfy All
>
> This will deny all access and allow only clients that have "Firefox"
> in the UA *and* whose originating IP is from 191.236.178.nnn, right?
>
> Christian.
>
>

Correct.