Pulling off IP address range filtering with Regex in AWStats

regex ip address rangeRecently I was tasked to create an extra section in an exisiting AWStats configuration which would basically filter users” IP addresses that are contained in a specific range.

In order to do this, I needed to create a new ExtraSection for the administrator to be able to see this list inside the same report used for the website, but in a different section of the report output. ExtraSections in AWStats is a handy feature which enables the creation of a custom report concerning data for specific parts of a website”s traffic.

In order to create the ExtraSection in the first place, one should read up on the official documentation of AWStats, specifically AWStats docs covers the subject extensively.

So, with all the introductory stuff out of the way, onto the task at hand. The problem was defined as follows: “Find all traffic concerning 2 different groups of visitor addresses. Visitors with a DNS ending in example.com and visitors with IP addresses in the range of 172.16.90.* to 172.16.223.*” (the addresses used here are random).

The first part seems easy, and sure enough it is. All that’s needed is an application of the rule “any string ending in example.com” to catch the correct host addresses. Converting the above to REGEX speak, it would be

^(.*example\.com)$

The second part is a bit trickier. What’s needed here is a step by step approach, which makes the whole task less daunting than it might initially seem. Knowing that the first two parts of the IP address are static the regular expression can start taking its form:

^(172.\16\.(.*))$

What the above line says is “Catch all strings starting with 172.16 and ending in whatever”. The tricky part is to actually get the ranges needed. In order for that to work, we need to use conditional statements inside the regex, specifically OR clauses (indicated by | ).

One step at a time, the process is as follows:

First to get everything from .90 to .99

^(172\.16\.(9[0-9])\.(.*))$

To get everything from 100 to 199

^(172\.16\.(1[0-9][0-9])\.(.*))$

To get everything from 200 to 223

^(172\.16\.(2[0-1][0-9]|22[0-3])\.(.*))$

Lastly, to get the whole range, the regex clause will be

^(172\.16\.(9[0-9]|1[0-9][0-9]|2[0-1][0-9]|22[0-3])\.(.*))$

Finished with the regex clause, the only thing left to do is to build the AWStats ExtraSection itself. One thing to note here is that while the OR statement in the above clause was represented with a ”|”, as far as AWStats clauses are concerned, OR is written ”||”. Below is the rule used in the AWStats configuration file itself:

ExtraSectionName1=”Specific Visits” 

ExtraSectionCodeFilter1=”200 304″

ExtraSectionCondition1=”HOST,^(.*example\.com)$ || HOST,^(172\.16\.(9[0-9]|1[0-9][0-9]|2[0-1][0-9]|22[0-3])\.(.*))$”

ExtraSectionFirstColumnTitle1=”Visitor”

ExtraSectionFirstColumnValues1=”HOST,^(.*)$”

ExtraSectionFirstColumnFormat1=”%s”

ExtraSectionStatTypes1=PHBL

ExtraSectionAddSumRow1=1

MaxNbOfExtra1=1000

MinHitExtra1=1

Some resources that I’ve found to be really useful while looking around the web for answers about AWStats in general:
[1] Official AWStats documentation
[2] IO AWStats forum

Leave a Reply

Your email address will not be published. Required fields are marked *