Lighttpd

The "== or !=" allows for netblocks, as regex "=~ or !~" allows for a single ip-address only.

So you can do sth. like this:

$HTTP["remoteip"] != "172.20.0.0/12" {
  url.access-deny = ( "" )
}

$HTTP["remoteip"] != "10.12.0.0/16" {
  url.access-deny = ( "" )
}

$HTTP["remoteip"] !~ "^(x\.x\.26\.166|x\.x\.161\.225|x\.x\.254\.212|x\.x\.149\.91|x\.x\.23\.21|x\.x\.133\.3|x\.x\.159\.25|x\.x\.123\.247)$" {
    url.access-deny = ( "" )
}

Hello all.
This seems not to work for me.

All that I want - is to deny access to anybody except certain IP and a /16 or /24 subnet.

I tried different variants but all the time the subnet is being blocked (and I'm trying to allow):

like this (single remoteip inside single url). But I get "403 Forbidden" to any src ip:

$HTTP["url"] =~ "^/adm/" {
$HTTP["remoteip"] != "33.222.0.0/16" {
        url.access-deny = ( "" )
    }
}

$HTTP["url"] =~ "^/adm/" {
$HTTP["remoteip"] !~ "^(75\.209\.116\.4|79\.31\.34\.79)$" {
    url.access-deny = ( "" )
}
}

like this ( several remoteip inside single url). In this case access is also blocked for all:

$HTTP["url"] =~ "^/adm/" {
    $HTTP["remoteip"] !~ "^(75\.209\.116\.4|79\.31\.34\.79)$" {
        url.access-deny = ("")
    }

    $HTTP["remoteip"] != "33.222.0.0/16" {
        url.access-deny = ( "" )
    }

}

The construction like (with "x"ses as wildcards) this still blocks subnet 33.222.0.0/16 whis is not what I want:

$HTTP["url"] =~ "^/zabbix/" {
    $HTTP["remoteip"] !~ "^(75\.209\.116\.4|79\.31\.34\.79|33\.222\.x\.x)$" {
        url.access-deny = ("")
    }
}

How do you restrict access to certain URL - both for fixed IP addresses and subnets simultaneously ?

Thank you.

Explicitly allow what you want, and then deny the rest.

$HTTP["url"] =~ "^/adm/" {
    $HTTP["remoteip"] == "33.222.0.0/16" {
    }
    else $HTTP["remoteip"] == "75.209.116.4" {
    }
    else $HTTP["remoteip"] == "79.31.34.79" {
    }
    else {
        url.access-deny = ( "" )
    }
}

Works!
Thank you so much!