I'm using Apache (http
s, in this case, to prevent password sniffing) and PF, yes. The authenticated IP address gets harvested from a continuous
tail -f on the https logfile (grepping/awking lines with a 200 OK status, which means someone must have authenticated themselves), and put in a firewall table using the usual
pfctl -t some_table -T add $ip routine. It's a terrible hack, but it works