RE: RE: how to redirect ip ranges to warning page

> 	> > I am blocking most of Amazon, Google, Azure clouds with ipsets. I also seem
> 	> > to have added (automatically) ranges that were abusive from Apple safe
> 	> > browsing (or so?)
> 	> >
> 	> > I would like to remove these IP addresses of Apple safe browsing from the
> 	> > TCP filter, but I want httpd to redirect all these IP clients to a single
> 	> > page. Telling users to disable safe browsing.
> 	> >
> 	> > How can I best do this?
> 	> >
> 	>
> 	> I have currently these ranges on my abuse list that match ranges Apple is
> 	> communicating as being used by them. I was also thinking about this marking
> 	> that you can do with iptables and then based on the mark, maybe redirect to
> 	> some page?
> 	>
> 	>
> 	> 104.28.30.0/25
> 	> 104.28.30.128/27
> 
> 	My first suggestion would have been a set of RewriteRule / RewriteCond
> 	to serve a static html page for all clients that match. Since
> 	mod_rewrite doesn't support IP subnet matching, but only regexes on
> 	e.g. "%{REMOTE_ADDR}", that's not really going to be a nice solution
> 	for such a long list of networks.
>
> 	As an alternative, you can use Require ip
> 	(https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require)
> 	and define a suitable ErrorDocument.
>
> 	If you're using iptables, you can re-route the request to a different
> 	TCP port and configure a vhost that serves the chosen document for any
> 	request to any path.
>
> 	Rainer
>
> 

Yes, this is probably the most efficient. I am surprised this seems to work for http and https traffic. I am testing with this now. The only thing I am probably stuck with is having this in GlobalLog.
I prefer to return there everything with 4xx return code, but can't get this for /
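
The `Require ip` plus `ErrorDocument` approach suggested in the quoted reply, written out as an added example that is not part of the original thread. The ServerName, DocumentRoot and the page name `safe-browsing.html` are assumptions; the two networks are the ones quoted above.

```apache
# Added example, not configuration posted by anyone in the thread.
# Assumed: ServerName, DocumentRoot and the file name safe-browsing.html.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/html"

    # Every 403 response carries this static page as its body.
    # A local URL path keeps the 403 status; a full http:// URL would
    # turn the response into a redirect instead.
    ErrorDocument 403 /safe-browsing.html

    <Directory "/var/www/html">
        # Allow everyone except the listed networks. "Require not" is only
        # valid inside <RequireAll> next to at least one positive Require.
        <RequireAll>
            Require all granted
            Require not ip 104.28.30.0/25
            Require not ip 104.28.30.128/27
        </RequireAll>
    </Directory>

    # The warning page itself must stay readable for the denied clients.
    # Without this, the internal request for the error document is also
    # refused and httpd falls back to its built-in 403 text.
    <Location "/safe-browsing.html">
        Require all granted
    </Location>
</VirtualHost>
```

`Require ip` does real CIDR matching, so no regular expressions on `%{REMOTE_ADDR}` are needed, and the networks have to be removed from the packet filter first so that these clients reach httpd at all.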
