# handle virtual hosting
# map all domains of a top-level-domain to a single document-root
$HTTP["host"] =~ "(^|\.)example\.org$" {
  server.document-root = "/var/www/htdocs/example.org/pages/"
}

# multiple sockets
$SERVER["socket"] == "127.0.0.1:81" {
  server.document-root = "..."
}

$SERVER["socket"] == "127.0.0.1:443" {
  ssl.pemfile = "/var/www/certs/localhost.pem"
  ssl.engine = "enable"

  server.document-root = "/var/www/htdocs/secure.example.org/pages/"
}

# deny access for all googlebot
$HTTP["useragent"] =~ "Google" {
  url.access-deny = ( "" )
}

# deny access for all image stealers (anti-hotlinking for images)
$HTTP["referer"] !~ "^($|http://www\.example\.org)" {
  url.access-deny = ( ".jpg", ".jpeg", ".png" )
}
else $HTTP["remoteip"] !~ "10.0.0.0/8" {
  url.access-deny = ( "" )
}

# deny the access to www.example.org to all user which
# are not in the 10.0.0.0/8 network
$HTTP["host"] == "www.example.org" {
  $HTTP["remoteip"] != "10.0.0.0/8" {
   url.access-deny = ( "" )
  }
}

# Allow only 200.19.1.5 and 210.45.2.7 to
# have access to www.example.org/admin/
$HTTP["host"] == "www.example.org" {
  #!~ is a perl style regular expression not match
  $HTTP["remoteip"] !~ "^(200\.19\.1\.5|210\.45\.2\.7)$" {
    $HTTP["url"] =~ "^/admin/" {
      url.access-deny = ( "" )
    }
  }
}