You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Layne Meier <lm...@ajc.com> on 2005/01/25 20:08:17 UTC

[users@httpd] How can I...

I want to set up my Apache 2.0.5 webserver (running on Sun Solaris 2.8) 
system such that if someone from a known IP Address the system will 
direct him/her to a specific index.html page or if it is an unknown IP 
Address can send them to a specified error code or different index 
page.

Thank you,
Layne Meier


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] How can I...

Posted by Christopher Davis <cl...@speakeasy.net>.

Layne Meier wrote:
> I want to set up my Apache 2.0.5 webserver (running on Sun Solaris 2.8) 
> system such that if someone from a known IP Address the system will 
> direct him/her to a specific index.html page or if it is an unknown IP 
> Address can send them to a specified error code or different index page.
> 
> Thank you,
> Layne Meier
> 
I'm not the greatest with Solaris -- but with other unix varients, you 
could do this with apache listening to multiple ports and using iptables:

When creating the firewall rules that are run on the webserver itself 
you could include something for:

iptables config:

#Assignments
iptables="wherever iptables is installed"
known="all.the.addresses.you wish.as.known.addresses"

#rule for known ip addresses
iptables -A INPUT -i eth0 -d 10.0.0.50 -p tcp --dport 80 -s $known -j 
REDIRECT --to-ports 1080

#rule for unknown ip addresses
iptables -A INPUT -i eth0 -d 10.0.0.50 -p tcp --dport 80 -j ACCEPT

Just make sure the 2 rules are in that order or else all traffic on port 
80 will be pushed to the unknown address server.  For apache, listen to 
both ports 80 and 1080 (1080 can be changed to whatever, just used in 
the example).

I haven't done this myself but I'd love to know how that works -- I'd 
love to hear more on this from others how they would do this.

Thanks!!
Christopher Davis



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org