mod_authz_host allows Allow/Deny to depend on the presence of an environment variable. Although it would be nice to set appropriate env vars once and then use the env var in various places inside Allow/Deny, this doesn't really work in practise, because there is no clean way of setting them w.r.t. IP addresses. In simple network cases, people use string patterns and setenvif. When more complex netmasks are involved, string matches against IP addresses don't work well. The attached patch includes SetEnvIfIP that allows all notations, that Allow/Deny provide (ful IP, partial IP, network/netmask, network/nnn CIDR). I provide a patch against trunk (r420983, which is actual today) and one against 2.2 (r421103). IP matches are allowed against remote_addr and also server_addr (because the latter was simple, but maybe not really useful), also there are domain name matches, which are allowed against everything that mod_setenvf accepts. If there is some interest, I would see, how to also provide this feature as a RewriteCond fpr mod_rewrite.
Created attachment 21584 [details] Add SetEnvIfIP address match to mod_setenvif.c in trunk
Created attachment 21585 [details] Add SetEnvIfIP address match to mod_setenvif.c for 2.2.x
The patch is related to patch http://issues.apache.org/bugzilla/show_bug.cgi?id=41857 but includes slightly more functionality.
The new SetEnvIfExpr directive allows to match by subnet/netmask. See r1039900
2.4.1 is released, closing