пт, 21 мар. 2025 г. в 16:02, Christopher Schultz <ch...@christopherschultz.net>: > > All, > > Is there a way to load a bunch of allow or deny hosts from a file or > other data-store? I have several dozen CIDR expressions and they will > need to change periodically, so it would be more convenient if I could > load them from at least a file on the disk and clean-up my config a bit. > > I suppose I could > > Include my-allows.conf > Include my-denies.conf > > And then use awk/sed/whatever to convert the lists of hosts into "Allow > from [host]" and "Deny from [host]" but less tooling would be more > convenient, of course.
Hi, Chris! 1. "Allow from ... " and "Deny from ... " (provided by mod_access_compat) are deprecated and replaced by "Require ip" (from mod_authz_host). https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html https://httpd.apache.org/docs/2.4/upgrading.html#run-time 2. If you go on with "Require", it is possible to use expressions there: https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html "Since v2.4.8, expressions are supported within the host require directives." Expressions allow use of functions, such as "file". https://httpd.apache.org/docs/2.4/expr.html I have a configuration where I use this approach with the "Require user" directive. It works, but I have not tested how well this scales up. This looks like the following: "%{file:${SRVROOT}/path/to/file.ext}" where SRVROOT is set with a "Define" directive. The file function is implemented here: https://github.com/apache/httpd/blob/2.4.x/server/util_expr_eval.c#L1105 My understanding is that the file should be a single line, no longer than MAX_FILE_SIZE that is defined there as 10 Mb. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
