On Tue, Oct 29, 2024 at 5:11 PM Marc <Marc@xxxxxxxxxxxxxxxxx> wrote:
> > I am blocking most of amazon,google,azure clouds with ipsets. I also seem
> > to have added (automatically) ranges that were abusive from apple safe
> > browsing (or so?)
> >
> > I would like to remove these ip addresses of apple safe browsing from the
> > tcp filter, but I want httpd to redirect all these ip clients to a single
> > page. Telling users to disable safe browsing.
> >
> > How can I best do this?
> >
>
> I have currently these ranges on my abuse list that match ranges apple is
> communicating as being used by them. I was also thinking about this marking
> that you can do with ip tables and then based on the mark, maybe redirect to
> some page?
>
> 104.28.30.0/25
> 104.28.30.128/27

My first suggestion would have been a set of RewriteRule / rewriteCond to
serve a static html page for all clients that match. Since mod_rewrite
doesn't support IP subnet matching, but only regexes on e.g.
"%{REMOTE_ADDR}", that's not really going to be a nice solution for such a
long list of networks.

As an alternative, you can use Require ip
(https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require) and
define a suitable ErrorDocument.

If you're using ip tables, you can re-route the request to a different TCP
port and configure a vhost that serves the chosen document for any request
to any path.

Rainer
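An added example, not part of the reply above and not taken from the httpd project, of the Require ip plus ErrorDocument approach it describes, using the two ranges quoted in the thread. The hostname, directory paths and file name are assumptions. The notice page is kept outside the restricted tree because a 403 error document that is itself denied cannot be served.

```apache
# Constructed example for httpd 2.4; ServerName and all paths are assumptions.
# The listed ranges must no longer be dropped by the ipset/TCP filter,
# otherwise the requests never reach httpd.
<VirtualHost *:80>
    ServerName www.example.org
    DocumentRoot "/var/www/html"

    <Directory "/var/www/html">
        <RequireAll>
            Require all granted
            # Ranges from the thread; clients in them get a 403 for the site.
            Require not ip 104.28.30.0/25
            Require not ip 104.28.30.128/27
        </RequireAll>
    </Directory>

    # A local path is served as the body of the 403 response (internal
    # redirect). A full http:// URL here would instead make httpd send
    # the client a redirect to that URL.
    ErrorDocument 403 /notice/safe-browsing.html

    # The notice lives outside DocumentRoot and is readable by everyone,
    # including the denied ranges, so the error document can be delivered.
    Alias "/notice" "/var/www/notice"
    <Directory "/var/www/notice">
        Require all granted
    </Directory>
</VirtualHost>
```

With a long list of networks, the `Require not ip` lines can be kept in a separate file pulled in with `Include` inside the `<RequireAll>` block, so the list is maintained apart from the vhost definition.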