You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Galen Johnson <so...@gmail.com> on 2017/09/05 20:02:33 UTC

[users@httpd] mod_authz_core and http response 451

Hello,

I've googled a bit and I can't find a way to handle this without using a
rewrite rule.

I'm setting up a rule using mod_geoip to block embargoed countries.  I set
up the config as follows:

    <Location />
      # Blocking a client based on country
      SetEnvIf GEOIP_COUNTRY_CODE CU BlockCountry
      SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry
      SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry
      SetEnvIf GEOIP_COUNTRY_CODE SY BlockCountry

      <RequireAll>
        Require all granted
        <RequireNone>
          Require env BlockCountry
        </RequireNone>
      </RequireAll>
    </Location>

This works but returns a 403.  I'd like for it to return a 451.  Is this
possible?  Or am I going to have to stick with using a rewrite rule
(without the require block)?

    <IfModule mod_rewrite.c>
        RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CU|IR|KP|SY)$
        RewriteRule ^(.*)$ https://example.com/$1 [NE,R=451,L]
    </IfModule>

If there is a preferred way to handle this, I'd be interested in that as
well.

thanks

=G=

Re: [users@httpd] mod_authz_core and http response 451

Posted by Luca Toscano <to...@gmail.com>.

Hi Galen,

2017-09-05 22:02 GMT+02:00 Galen Johnson <so...@gmail.com>:

> Hello,
>
> I've googled a bit and I can't find a way to handle this without using a
> rewrite rule.
>
> I'm setting up a rule using mod_geoip to block embargoed countries.  I set
> up the config as follows:
>
>     <Location />
>       # Blocking a client based on country
>       SetEnvIf GEOIP_COUNTRY_CODE CU BlockCountry
>       SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry
>       SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry
>       SetEnvIf GEOIP_COUNTRY_CODE SY BlockCountry
>
>       <RequireAll>
>         Require all granted
>         <RequireNone>
>           Require env BlockCountry
>         </RequireNone>
>       </RequireAll>
>     </Location>
>
> This works but returns a 403.  I'd like for it to return a 451.  Is this
> possible?  Or am I going to have to stick with using a rewrite rule
> (without the require block)?
>
>     <IfModule mod_rewrite.c>
>         RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CU|IR|KP|SY)$
>         RewriteRule ^(.*)$ https://example.com/$1 [NE,R=451,L]
>     </IfModule>
>
> If there is a preferred way to handle this, I'd be interested in that as
> well.
>
>
probably the rewrite rule is more flexible for your use case, I am not
aware of any way of returning something different than 403 after breaching
Require constraints.

Luca