Allow only certain ip and referrers in htaccess

Question

I have a ruleset for Apache htaccess to allow access to certain IP address which works perfectly for working under maintenance mode. However, this also blocks some referrers like wordpress.com or google.com from accessing the site. Current ruleset is:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123

RewriteCond %{HTTP_REFERER} wordpress\.com [NC, OR]
RewriteCond %{HTTP_REFERER} google\.com [NC]
RewriteCond %{HTTP_REFERER} ^(.*)$
RewriteRule .* /maintenance.html [R=302]

RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]
RewriteRule .* /maintenance.html [R=302,L]

Above ruleset works but with a glitch its not perfect. Somehow site is accessible from any IP and referrers is out of question. I need a ruleset that allows access to site from certain IP and from certain referrers.

Answer 1

Looks to me like the line

RewriteCond %{HTTP_REFERER} ^(.*)$

matches anything, making the rest of the conditions mute. What is that line there for?

Also, while what you are doing may be fine for your purposes, do be aware that it is not difficult to create a request with a fake referer [sic] header.

Also, if your goal is to allow those particular referers and bump the rest to "maintenance.html", then I think you want the matching conditions negated for the referers. But I may be misunderstanding your intent here.