Giving support access to Magento (for EE support) ... with a regex
As part of an EE upgrade, we've just hit a reproducable core bug with 1.11; as we have to focus on the other fixes, we're letting Magento's EE SLA'ed support take care of the core bugs. But, in order to do that, they need access to the machine.
The Magento support IPs
207.86.19.64/28 216.127.124.224/27 67.88.151.96/28 74.62.207.56/29 195.14.124.0/23 178.255.178.34 93.183.209.230 80.92.227.82 208.86.253.141 208.86.253.142 208.86.253.168 208.86.253.233 208.86.253.234 208.86.253.239
As we're restricting Nginx to maintenance mode - we need to open access for their IP ranges. Magento have around 600 IP addresses that they need to you open up, which the majority of is within large subnet blocks; however, Nginx doesn't support subnets for the type of matching we use for maintenance mode.
So first I tried just putting all 600 IPs in, subnet to individual IP conversion was courtesy of TechZoom.
if ($remote_addr ~ (67.88.151.96|67.88.151.97|67.88.151.98|67.88.151.99|67.88.151.100|67.88.151.101|67.88.151.102|6....
But Nginx didn't like this ...
Testing nginx configuration: nginx: [emerg] too long parameter "(67.88.151..."
So a more sensible approach was to use regular expressions for the IP range. No problem for a regex
master like myself (eek!). So I converted the subnet blocks to regex
.
67.88.151.(9[6-9]|10[0-9]|11[01]) 74.62.207.(5[6-9]|6[0-9]|7[0-3]) 195.14.12[45].([0-9]{1,2}|1[0-9]{2}|2[0-4][0-9]|25[0-5]) 216.127.124.2(2[4-9]|[34][0-9]|5[0-5])
And to combine that with the other (non-contiguous) IPs, you get this,
if ($remote_addr ~ "(195.14.12[45].([0-9]{1,2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])|67.88.151.(9[6-9]|10[0-9]|11[01])|74.62.207.(5[6-9]|6[0-9]|7[0-3])|216.127.124.2(2[4-9]|[34][0-9]|5[0-5])|178.255.178.34|93.183.209.230|80.92.227.82|208.86.253.141|208.86.253.142|208.86.253.168|208.86.253.233|208.86.253.234|208.86.253.239)") { set $maintenance off; }