Giving support access to Magento (for EE support) ... with a regex

Magento Support IP Addresses

As part of an EE upgrade, we've just hit a reproducable core bug with 1.11; as we have to focus on the other fixes, we're letting Magento's EE SLA'ed support take care of the core bugs. But, in order to do that, they need access to the machine.

The Magento support IPs

207.86.19.64/28
216.127.124.224/27
67.88.151.96/28
74.62.207.56/29
195.14.124.0/23
178.255.178.34
93.183.209.230
80.92.227.82
208.86.253.141
208.86.253.142
208.86.253.168
208.86.253.233
208.86.253.234
208.86.253.239

As we're restricting Nginx to maintenance mode - we need to open access for their IP ranges. Magento have around 600 IP addresses that they need to you open up, which the majority of is within large subnet blocks; however, Nginx doesn't support subnets for the type of matching we use for maintenance mode.

So first I tried just putting all 600 IPs in, subnet to individual IP conversion was courtesy of TechZoom.

if ($remote_addr ~ (67.88.151.96|67.88.151.97|67.88.151.98|67.88.151.99|67.88.151.100|67.88.151.101|67.88.151.102|6....

But Nginx didn't like this ...

Testing nginx configuration: nginx: [emerg] too long parameter "(67.88.151..."

So a more sensible approach was to use regular expressions for the IP range. No problem for a regex master like myself (eek!). So I converted the subnet blocks to regex.

67.88.151.(9[6-9]|10[0-9]|11[01])
74.62.207.(5[6-9]|6[0-9]|7[0-3])
195.14.12[45].([0-9]{1,2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])
216.127.124.2(2[4-9]|[34][0-9]|5[0-5])

And to combine that with the other (non-contiguous) IPs, you get this,

if ($remote_addr ~ "(195.14.12[45].([0-9]{1,2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])|67.88.151.(9[6-9]|10[0-9]|11[01])|74.62.207.(5[6-9]|6[0-9]|7[0-3])|216.127.124.2(2[4-9]|[34][0-9]|5[0-5])|178.255.178.34|93.183.209.230|80.92.227.82|208.86.253.141|208.86.253.142|208.86.253.168|208.86.253.233|208.86.253.234|208.86.253.239)") {
set $maintenance off;
}