You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Galen Johnson <so...@gmail.com> on 2017/09/05 20:02:33 UTC
[users@httpd] mod_authz_core and http response 451
Hello,
I've googled a bit and I can't find a way to handle this without using a
rewrite rule.
I'm setting up a rule using mod_geoip to block embargoed countries. I set
up the config as follows:
<Location />
# Blocking a client based on country
SetEnvIf GEOIP_COUNTRY_CODE CU BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE SY BlockCountry
<RequireAll>
Require all granted
<RequireNone>
Require env BlockCountry
</RequireNone>
</RequireAll>
</Location>
This works but returns a 403. I'd like for it to return a 451. Is this
possible? Or am I going to have to stick with using a rewrite rule
(without the require block)?
<IfModule mod_rewrite.c>
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CU|IR|KP|SY)$
RewriteRule ^(.*)$ https://example.com/$1 [NE,R=451,L]
</IfModule>
If there is a preferred way to handle this, I'd be interested in that as
well.
thanks
=G=
Re: [users@httpd] mod_authz_core and http response 451
Posted by Luca Toscano <to...@gmail.com>.
Hi Galen,
2017-09-05 22:02 GMT+02:00 Galen Johnson <so...@gmail.com>:
> Hello,
>
> I've googled a bit and I can't find a way to handle this without using a
> rewrite rule.
>
> I'm setting up a rule using mod_geoip to block embargoed countries. I set
> up the config as follows:
>
> <Location />
> # Blocking a client based on country
> SetEnvIf GEOIP_COUNTRY_CODE CU BlockCountry
> SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry
> SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry
> SetEnvIf GEOIP_COUNTRY_CODE SY BlockCountry
>
> <RequireAll>
> Require all granted
> <RequireNone>
> Require env BlockCountry
> </RequireNone>
> </RequireAll>
> </Location>
>
> This works but returns a 403. I'd like for it to return a 451. Is this
> possible? Or am I going to have to stick with using a rewrite rule
> (without the require block)?
>
> <IfModule mod_rewrite.c>
> RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CU|IR|KP|SY)$
> RewriteRule ^(.*)$ https://example.com/$1 [NE,R=451,L]
> </IfModule>
>
> If there is a preferred way to handle this, I'd be interested in that as
> well.
>
>
probably the rewrite rule is more flexible for your use case, I am not
aware of any way of returning something different than 403 after breaching
Require constraints.
Luca